Andrew Haley wrote:
> Of course, yes.  But it's security issues that I'm concerned about
> here: what we want to know is the first caller of Foo.method() that is
> not Foo.

Not necessarily. Typically what's important is the supplier of the arguments to 
the method. In the subclassing scenario, the subclass may be the one providing 
the arguments (i.e. passing different values than it was passed), but it may 
also be passing along the original values. If the subclasser is trusted but the 
original caller isn't, you have a problem. Now granted, this is a coding error, 
but I think it is facilitated by this too flexible model of walking the stack.

BTW, I'm not ruling out the need for this more flexible way of getting the 
caller, I just want to make sure that this isn't the default and is used only 
very cautiously.

Regards,
Jeroen


_______________________________________________
Classpath mailing list
Classpath@gnu.org
http://lists.gnu.org/mailman/listinfo/classpath
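
The subclassing scenario from the message above, as an added example that is not part of the original thread or of Classpath's code. It uses `java.lang.StackWalker` (Java 9+) as a stand-in for the stack-walking facility under discussion; the class names and the `TRUSTED` set are hypothetical.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

public class CallerWalkDemo {
    // Assumed trust policy for this demo: these classes count as trusted code.
    static final Set<Class<?>> TRUSTED = Set.of(TrustedSub.class, CallerWalkDemo.class);

    static class Foo {
        // Returns { first-non-Foo decision, all-frames decision } for this call.
        boolean[] method(String arg) {
            List<Class<?>> frames = StackWalker
                .getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
                .walk(s -> s.map(StackWalker.StackFrame::getDeclaringClass)
                            .collect(Collectors.toList()));
            // Flexible model: decide on the first caller that is not Foo.
            Class<?> firstNonFoo = frames.stream()
                .filter(c -> c != Foo.class)
                .findFirst().orElseThrow(IllegalStateException::new);
            // Stricter model: every frame outside Foo must be trusted,
            // because any of them may have supplied the argument.
            boolean allTrusted = frames.stream()
                .filter(c -> c != Foo.class)
                .allMatch(TRUSTED::contains);
            System.out.println("arg=\"" + arg + "\" firstNonFoo="
                + firstNonFoo.getSimpleName());
            return new boolean[] { TRUSTED.contains(firstNonFoo), allTrusted };
        }
    }

    static class TrustedSub extends Foo {
        // Trusted subclass that passes along the value it was given, unchanged.
        @Override boolean[] method(String arg) { return super.method(arg); }
    }

    static class Untrusted {
        // The real supplier of the argument sits one frame above TrustedSub.
        static boolean[] run(Foo f) { return f.method("value chosen by Untrusted"); }
    }

    public static void main(String[] args) {
        boolean[] r = Untrusted.run(new TrustedSub());
        System.out.println("first-non-Foo check allows: " + r[0]);
        System.out.println("all-frames check allows:    " + r[1]);
    }
}
```

The first-non-Foo decision allows the call because `TrustedSub` is the nearest non-`Foo` frame, while the all-frames decision rejects it because `Untrusted`, which chose the argument, is also on the stack.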
