[cap-talk] David Wagner's Google techtalk is now up!
daw at cs.berkeley.edu
Sun Dec 16 01:38:15 EST 2007
Mike Samuel writes:
>The presence of proxyNewInstance without access checks violates
>that assumption and so makes it easier to confuse deputies.
Right. I see now that I answered your original question inaccurately.
You asked if Joe-E provides tamed access to proxyNewInstance. I said
"Yes, via org.joe_e.reflect.Proxies.proxy()", but the correct answer is
"No, proxyNewInstance() is tamed away, but we provide a wrapper class
that allows proxying if the appropriate security checks are passed. See
org.joe_e.reflect.Proxies.proxy(), which implements all of those security
checks and then internally invokes proxyNewInstance()." I should have
been clearer about the distinction between providing access to proxying
via taming vs via a wrapper class. Joe-E uses the latter strategy for
supporting safe reflection. Since proxyNewInstance() does not implement
all of the security checks we want, there's no way to provide access
to just the safe subset of that functionality using taming alone, and
we're forced to rely upon wrapper classes that we build ourselves. I
hope this makes sense. Thanks again for your comments!
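The wrapper-class strategy described in the message above, as an added example that is not Joe-E's code or part of the original post: the raw JDK call `java.lang.reflect.Proxy.newProxyInstance` is reachable only through a wrapper that runs its checks first. The `Immutable` marker, the class names and the specific check are hypothetical stand-ins, since the message does not list the checks `org.joe_e.reflect.Proxies.proxy()` performs.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;

public class CheckedProxies {
    /** Hypothetical marker: implementers promise to hold no mutable state. */
    public interface Immutable {}
    public interface Greeter { String greet(String name); }
    public interface FrozenGreeter extends Greeter, Immutable {}

    /**
     * Wrapper: under taming, client code would not be allowed to call
     * Proxy.newProxyInstance directly, so this method is the only route
     * to proxying and every check below runs before the raw call.
     */
    public static <T> T proxy(InvocationHandler handler, Class<T> iface) {
        if (handler == null || iface == null || !iface.isInterface())
            throw new IllegalArgumentException("need a handler and an interface");
        // Assumed check: a proxy that claims a marker interface must be
        // backed by a handler that carries the same marker.
        if (Immutable.class.isAssignableFrom(iface) && !(handler instanceof Immutable))
            throw new ClassCastException(iface.getName() + " requires an Immutable handler");
        Object p = Proxy.newProxyInstance(
                iface.getClassLoader(), new Class<?>[] { iface }, handler);
        return iface.cast(p);
    }

    /** A handler that carries the marker, so it may back FrozenGreeter. */
    static final class ConstantHandler implements InvocationHandler, Immutable {
        public Object invoke(Object proxy, Method m, Object[] args) {
            return "hello " + args[0];
        }
    }

    public static void main(String[] args) {
        // Constructed sample calls: one accepted, one unmarked, one rejected.
        System.out.println(proxy(new ConstantHandler(), FrozenGreeter.class).greet("cap-talk"));
        InvocationHandler unmarked = (p, m, a) -> "hi " + a[0];
        System.out.println(proxy(unmarked, Greeter.class).greet("cap-talk"));
        try {
            proxy(unmarked, FrozenGreeter.class); // handler lacks the marker
        } catch (ClassCastException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```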