[e-lang] Microsoft's laws of identity
Mark Miller
markm at cs.jhu.edu
Tue Jul 26 08:15:04 EDT 2005
John Carlson wrote:
> Mark Miller wrote:
>> John Carlson wrote:
>>> [...] So if you can't
>>> trust your caller, you shouldn't be trying to hide capabilties within
>>> your program.
>>
>> This doesn't follow. Why do you assume my caller can control my
>> ClassLoader?
>>
> Because I can set up a ClassLoader to load your main class and all your
> other classes.
> If I have to, I can rewrite Java. See previous message about Java
> tools, and read and
> execute privileges. Using gcj, you can probably eliminate the class
> loader.
How would this help?
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the e-lang
mailing list