It's not too late for access control
dalibor topic
dalibor.topic at oracle.com
Sat Jul 16 10:34:24 UTC 2016
On 15.07.2016 22:25, Jason T. Greene wrote:
> The assumption you seem to make is that the use case of reflective access to internal packages is wrong, poor programming practice, or an error.
>
> That couldn't be further from the truth.
As with many things, it kind of depends on who you ask:
https://www.securecoding.cert.org/confluence/display/java/SEC05-J.+Do+not+use+reflection+to+increase+accessibility+of+classes,+methods,+or+fields
There is a case to be made for experts consciously making expertly
assessments of risk and benefits of using sharp edged tools, and it
seems to have been made a few times in different forms on this thread.
There is also a case to be made that some people may unfortunately have
not made expertly assessments about using sharp edged tools in the past,
and therefore could see risks materialize which they didn't anticipate
adequately. I think that argument was made a few times in different
forms on this thread.
All of those are fine arguments, and so is the need to consciously keep
moving the set of current development practices along with evolving the
state of the art, to, in the long term, avoid a situation in which, for
example, some C/C++ users & developers find themselves in today, where
some development practices have not evolved along with the platform,
creating a growing tension [0] between users depending on large bodies
of presumably partly incorrect & unsafe [1] code, and the thrust of
development of the programming language and associated development tools
[2].
In short, let's not argue about absolute statements one way or the other
if we can avoid it.
cheers,
dalibor topic
[0]
https://groups.google.com/forum/m/#!msg/boring-crypto/48qa1kWignU/o8GGp2K1DAAJ
[1] https://twitter.com/robilad/status/754084363017465857
[2]
http://stackoverflow.com/questions/36893251/why-does-the-enhanced-gcc-6-optimizer-break-practical-c-code
--
<http://www.oracle.com> Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
<tel:+491737185961>
ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
<http://www.oracle.com/commitment> Oracle is committed to developing
practices and products that help protect the environment
More information about the jigsaw-dev
mailing list