java.lang.invoke vs java.lang.reflect, redundancy and security
Eric Bodden
eric.bodden at ec-spride.de
Wed Jan 16 06:46:16 PST 2013
Hi all.
The discussion I had on this list with Duncan about intercepting
invokedynamic calls made me wonder:
Since Lookup supports an unreflect(..) method, why is there any need
for the (backend of the) reflection API at all. The reason I am asking
is security: getting security checks is hard and maintaining two APIs
which require such checks seems unnecessarily painful. Would it not be
possible to simply reroute calls to the reflection API to the "invoke"
API using unreflect(..) thus getting rid of all the reflection logic
altogether?
Best wishes,
Eric
--
Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Tel: +49 6151 16-75422 Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
More information about the mlvm-dev
mailing list