Back to list
Java Inner Classes Insecure?
Nov 24 2004 06:33PM
Craig E. Ward (cew ACM ORG)
Re: Java Inner Classes Insecure?
Nov 26 2004 10:19AM
Steffen Dettmer (steffen dett de)
* Craig E. Ward wrote on Wed, Nov 24, 2004 at 10:33 -0800:
> What these compilers do is add new static access methods that the
> inner classes can call to do things with the private members of the
> outer class. The inner class gets an extra member that is a reference
> to the outer class so it knows which instance of the outer class it
> belongs to.
> Although I haven't actually made it work, it seems to me that calls
> to these access methods used by the inner classes could be inserted
> into third party classes. Does anyone know of a case where this has
> been done? Are the problems with inner classes historical or do they
> still exist?
Why is this of interest? In languages compiled to a platform you
can call private methods as well (using a debugger for instance),
if you manage it to modify the loaded code (or parts of it before
loading). I think this is the same here, isn't it?
> The counter argument asserts that what this really shows is that the
> Java language is treating all class members orthogonally, which is a
> good thing. A class member is a class member. (In C++, inner classes
> do not get this access to the outer class automatically. This is an
> indicator that C++ is less orthogonal in its treatment of class
> members and this is a weakness in the language.)
Why should an inner class get implicit access to an outer class?
Any why do you call this dependency as orthogonality? The inner
class is visible in a smaller scope, but that's it I think. A
member should not know to which class it belongs (which also
fails for pointers - or should a pointer know to which instance
it belongs? And an int?). Did I missunderstood the point?
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
[ reply ]
Copyright 2010, SecurityFocus