Mo DeJong wrote:
> Here is another example:
>
> import java.util.Hashtable;
> public class Hashtable2 extends Hashtable
> {
> public static Hashtable get() {
> return new Hashtable2();
> }
> public void NEVER_CALL() {
> System.out.println("NEVER_CALL");
> }
> }
>
> % set h [java::call Hashtable2 get]
>
> ( Here is what would happen if you called getClass() )
> % java::info class $h
> Hashtable2
>
> This means you would be able to invoke "$h NEVER_CALL"
> which is not possible from regular Java code.
Sure it's possible:
((Hashtable2)h).NEVER_CALL();
If Hashtable2 were not public, that cast could be prevented, but this
specific example would break since it relies on a public static method
of Hashtable2.
Are you trying to say that java.lang.reflect introduces security holes
in Java? I don't think that it does, though it does not do a good job
of enforcing package-level access rights.
--
Jeff Sturm
[EMAIL PROTECTED]
----------------------------------------------------------------
The TclJava mailing list is sponsored by Scriptics Corporation.
To subscribe: send mail to [EMAIL PROTECTED]
with the word SUBSCRIBE as the subject.
To unsubscribe: send mail to [EMAIL PROTECTED]
with the word UNSUBSCRIBE as the subject.
To send to the list, send email to '[EMAIL PROTECTED]'.
An archive is available at http://www.mail-archive.com/tcljava@scriptics.com