API REVIEW: RT-23888, Make PopupFeatures and PromptData final
Richard Bair
richard.bair at oracle.com
Fri Aug 31 15:51:54 PDT 2012
> I agree with the other guys that final classes are annoying for us, but if they are needed to make things better then so be it.
>
> I think the emotive responses might be a result of us not knowing/understanding the benefits of the final usage and therefore only being able to assess it by its negative aspects.
>
>> The security problem with non-final classes has to do with attacks related to hacking finalizers, equals, hash code, and serialization from a sub class.
>
> Can you elaborate on this? Let's say I was a malicious, Hollywood-style hacker. What kind of damage could I do and how would I do that damage via some non-final class (the 'animation' ones for example caused me much grief by being final).
http://www.oracle.com/technetwork/java/seccodeguide-139067.html
And now that you have this power, please use it for good and help us find security bugs before they hit the net. BTW, if you do find such a bug, email me privately before publicizing to the world ;-).
Richard
More information about the openjfx-dev
mailing list