----- Original Message -----
> From: "David M. Lloyd" <david.ll...@redhat.com>
> To: jigsaw-dev@openjdk.java.net
> Sent: Tuesday, November 1, 2016 15:39:01
> Subject: Re: New proposal for #ReflectiveAccessToNonExportedTypes: Open modules & open packages

> On 11/01/2016 09:23 AM, John Rose wrote:
>> On Nov 1, 2016, at 10:22 AM, Jochen Theodorou <blackd...@gmx.org> wrote:
>>>
>>> Can we clarify "privileged code"? Privileged like in a SecurityManager in a
>>> PrivilegedAction for example, or privileged like only JDK internal code? Just
>>> to see it black on white ;)
>>
>> Good question: I mean the basic JDK platform implementation. Something deep in
>> java.base. Like Unsafe.
>
> I don't see why this can't be a "regular" API though, rather than a
> super-user sledgehammer every single time. If user code can be
> statically granted access, and that user code can deliberately acquire a
> narrowly-scoped object which can access those Lookups/*Handles, then
> isn't that better than using Unsafe, which not only represents
> unrestricted system-wide access, but can undermine even the JVM's
> integrity if leaked?
>

It's better than Unsafe because, as a user, you have to grant access by using, for example, an annotation, and you can specify friends and/or what you want to export (only private/only package private, etc.). But if the API returns a Lookup object and client code with granted access exposes that lookup, all bets are off.

> --
> - DML

Rémi
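
Added example, not part of the original thread or of any JDK proposal: a sketch of the concern raised in the reply above, that a `MethodHandles.Lookup` carries the access rights of the class that created it, so whoever receives it inherits them. The classes `Vault` and `LookupLeakDemo` are hypothetical; `dropLookupMode` is the standard `Lookup` method available since Java 9.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;

// Hypothetical class standing in for code that holds a full-power Lookup.
class Vault {
    private String secret() { return "vault-internal"; }

    // Leaky: hands out the Lookup itself, i.e. all of Vault's access rights.
    static MethodHandles.Lookup leakyLookup() {
        return MethodHandles.lookup();
    }

    // Narrower: drop PRIVATE access before sharing the Lookup.
    static MethodHandles.Lookup reducedLookup() {
        return MethodHandles.lookup().dropLookupMode(MethodHandles.Lookup.PRIVATE);
    }
}

public class LookupLeakDemo {
    // Runs as whoever received the Lookup. The access check is made against
    // the Lookup's lookup class and modes, not against the caller.
    static String callSecret(MethodHandles.Lookup lookup, Vault target) throws Throwable {
        MethodHandle mh = lookup.findVirtual(Vault.class, "secret",
                MethodType.methodType(String.class));
        return (String) mh.invoke(target);
    }

    public static void main(String[] args) throws Throwable {
        Vault v = new Vault();
        // The full Lookup resolves Vault's private method for any holder.
        System.out.println("leaked lookup: " + callSecret(Vault.leakyLookup(), v));
        try {
            callSecret(Vault.reducedLookup(), v);
            System.out.println("reduced lookup: unexpectedly allowed");
        } catch (IllegalAccessException e) {
            // Without PRIVATE mode the same request fails at lookup time.
            System.out.println("reduced lookup: denied");
        }
    }
}
```

The reduced Lookup still has package access to `Vault`'s package, so handing out a single `MethodHandle` for the one permitted operation is narrower still.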