.NET
Just found that reflection in .NET allows to violate class members access modifiers, e.g. you could easely get/set private class members. Isn't it a violation of basic OOP principles?
.NET reflection is subject to security checks. Full trust code can use reflections without restrictions otherwise you need ReflectionPermission with the ReflectionPermissionFlag.MemberAccess flag. See Security Considerations for Reflection for more details.
Another example is build-in serialization mechanizm in .NET. Again it has access to all private class members in order to serialize instance state.
Java
Quick investigation shows that Java has similar possibilities, but one additional level of protection. Private members are not accesible by default and even trusted code have to call FieldInfo.setAccessible(true) explicitly before accessing private field. Even if you call setAccessible(true) but running code has no enougth permissions (e.g. it is an applet) you will get access denied exeption (ReflectPermission).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment