It's not too late for access control

dalibor topic dalibor.topic at oracle.com
Sat Jul 16 10:34:24 UTC 2016



On 15.07.2016 22:25, Jason T. Greene wrote:
> The assumption you seem to make is that the use case of reflective access to internal packages is wrong, poor programming practice, or an error.
>
> That couldn't be further from the truth.

As with many things, it kind of depends on who you ask: 
https://www.securecoding.cert.org/confluence/display/java/SEC05-J.+Do+not+use+reflection+to+increase+accessibility+of+classes,+methods,+or+fields 


There is a case to be made for experts consciously making expert 
assessments of risk and benefits of using sharp-edged tools, and it 
seems to have been made a few times in different forms on this thread. 
There is also a case to be made that some people may unfortunately have 
not made expert assessments about using sharp-edged tools in the past, 
and therefore could see risks materialize which they didn't anticipate 
adequately. I think that argument was made a few times in different 
forms on this thread.

All of those are fine arguments, and so is the need to consciously keep 
moving the set of current development practices along with evolving the 
state of the art, to, in the long term, avoid a situation in which, for 
example, some C/C++ users & developers find themselves today, where 
some development practices have not evolved along with the platform, 
creating a growing tension [0] between users depending on large bodies 
of presumably partly incorrect & unsafe [1] code, and the thrust of 
development of the programming language and associated development tools 
[2].

In short, let's not argue about absolute statements one way or the other 
if we can avoid it.

cheers,
dalibor topic

[0] https://groups.google.com/forum/m/#!msg/boring-crypto/48qa1kWignU/o8GGp2K1DAAJ
[1] https://twitter.com/robilad/status/754084363017465857
[2] http://stackoverflow.com/questions/36893251/why-does-the-enhanced-gcc-6-optimizer-break-practical-c-code
-- 
Dalibor Topic | Principal Product Manager

More information about the jigsaw-dev mailing list