Re: Need a new access modifier?
John Ersatznom wrote:
I've read somewhere that inner class access to a "private" member of a
nesting class causes it to be silently treated as "package-private" by
the compiler, with security implications.
The basic unit of mobile code security in Java is the package (not to be
mixed up with a 'namespace'). Don't be confused by individual signatures
for class files.
Any given ClassLoader will load into a single package only classes that
are signed with the same certificate (or only unsigned classes). Classes
with the same package name loaded by different ClassLoaders, even with a
parent-child relationship, will not have package access to one another.
So if I sign my package, you cannot get your classes in without
stripping off the signature.
The documentation for a lot of this isn't to great. Published books and
articles (most of which copy one another) are largely inaccurate. If you
do find a workable way the security, the relevant contact details for
reporting the issue are here:
http://sunsolve.sun.com/pub-cgi/show.pl?target=security/sec
Tom Hawtin
--
http://jroller.com/page/tackline?catname=Security