Lambdas and serialization
Peter Levart
peter.levart at marand.si
Wed Oct 20 08:04:24 PDT 2010
On 10/19/10, Rémi Forax wrote:
> On 19/10/2010 17:41, Maurizio Cimadamore wrote:
>
> [...]
>
> >> Lambdas are not serializable, like java.lang.reflect.Method
> >> because it will create tons of security holes.
> > You mean method handles are not serializable? What are the security
> > holes deriving from serializable lambda (assuming latest Brian's
> > document) ?
>
> If you can serialize a lambda, you are able to forge a binary blob which
> once decoded by the serialization
> is a reference to any private method.

Hasn't JSR 292 promised to provide a two-way conversion API between java.dyn.MethodHandle <-> (java.lang.reflect.Method,Constructor)? This API could be used by a compiler (JVM) generated SAM subclass (a single generic sub-class per SAM type) to enable serialization of MethodHandle in the following way:

Serialization:
java.dyn.MethodHandle --> java.lang.reflect.Method --> bytestream

De-serialization:
bytestream --> java.lang.reflect.Method --(access check)--> java.dyn.MethodHandle

Regards, Peter

>
> >
> > Maurizio
>
> Rémi
>
>
>
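
The round trip sketched in the message above, as an added example that is not part of the original thread. It uses java.lang.invoke, the package JSR 292 shipped in, rather than the java.dyn named in the message; the class HandleRoundTrip, its secret() method and the byte layout are constructed for illustration.

```java
import java.io.*;
import java.lang.invoke.*;
import java.lang.reflect.Method;

public class HandleRoundTrip {
    // Constructed target: a private method only this class may call.
    private static String secret() { return "private result"; }

    // MethodHandle --> Method --> bytestream (symbolic names only, no live reference)
    static byte[] write(MethodHandles.Lookup lookup, MethodHandle mh) throws IOException {
        MethodHandleInfo info = lookup.revealDirect(mh);
        Method m = info.reflectAs(Method.class, lookup);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(bos)) {
            out.writeUTF(m.getDeclaringClass().getName());
            out.writeUTF(m.getName());
            out.writeUTF(info.getMethodType().toMethodDescriptorString());
        }
        return bos.toByteArray();
    }

    // bytestream --> Method --(access check)--> MethodHandle
    static MethodHandle read(MethodHandles.Lookup reader, byte[] blob) throws Exception {
        ClassLoader loader = HandleRoundTrip.class.getClassLoader();
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(blob))) {
            Class<?> owner = Class.forName(in.readUTF(), false, loader); // no static init
            String name = in.readUTF();
            MethodType type = MethodType.fromMethodDescriptorString(in.readUTF(), loader);
            Method m = owner.getDeclaredMethod(name, type.parameterArray());
            // The check is made against the reader's lookup, not the writer's:
            // unreflect throws IllegalAccessException if the reader may not call m.
            return reader.unreflect(m);
        }
    }

    public static void main(String[] args) throws Throwable {
        MethodHandles.Lookup self = MethodHandles.lookup();
        MethodHandle mh = self.findStatic(HandleRoundTrip.class, "secret",
                                          MethodType.methodType(String.class));
        byte[] blob = write(self, mh);

        Object result = read(self, blob).invoke();    // reader is the owning class: allowed
        System.out.println(result);
        try {
            read(MethodHandles.publicLookup(), blob); // reader without private access
        } catch (IllegalAccessException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the stream carries only the owner, name and descriptor, a hand-built blob naming a private method gains nothing: the handle is re-created under the deserializing side's own lookup.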