Results 1 to 2 of 2
  1. 04-14-2012, 03:38 AM #1
    kjkrum's Avatar
    kjkrum
    kjkrum is offline Senior Member
    Join Date
    Apr 2011
    Location
    Tucson, AZ
    Posts
    642
    Rep Power
    3

    Default Preventing dynamically loaded classes from using reflection

    I'm writing a program that will allow the user to dynamically load and execute classes that extend a certain class. Plugins, basically. I want to prevent those classes (or the threads running them, if that's the way to do it) from using reflection to access parts of the program they shouldn't. I want to apply these restrictions to every class loaded by my custom ClassLoader.

    I found a thread on SO that suggests it might be possible. But I don't really know where to start reading. Everything I'm finding is about applet permissions. Any pointers?

    Edit: Here's a person with a similar question. But I don't understand or trust the solution. It seems kind of hackish. And this thread looks promising, but it's a lot to take in and the commenters were conflicted about the right way to do it.
    Last edited by kjkrum; 04-14-2012 at 03:46 AM.
    Get in the habit of using standard Java naming conventions!
    Reply With Quote Reply With Quote
  2. 04-14-2012, 12:54 PM #2
    Norm's Avatar
    Norm
    Norm is offline Moderator
    Join Date
    Jun 2008
    Location
    SW Missouri
    Posts
    14,795
    Rep Power
    20

    Default Re: Preventing dynamically loaded classes from using reflection

    The last link: this thread using a SecurityManager and testing the Permissions looks like a good possibility.

    You're right about the details mention at that link. It does look complicated. It seems that "hackers" find ways around a lot of security barriers. You should be able to raise the security bar high enough to keep out most programmers.
    Last edited by Norm; 04-14-2012 at 12:58 PM.
    If you don't understand my response, don't ignore it, ask a question.
    Reply With Quote Reply With Quote
« Alter blue values of a pixel | Camera image processing in Java »

Similar Threads

  1. Preventing Eclipse from importing inner classes
    By SFNYC in forum Eclipse
    Replies: 0
    Last Post: 06-30-2011, 03:46 PM
  2. Dynamically interpreting/importing code/classes
    By ~ in forum Advanced Java
    Replies: 1
    Last Post: 04-27-2011, 04:06 AM
  3. Preventing stack overflow?
    By bobocheez in forum New To Java
    Replies: 11
    Last Post: 01-05-2011, 05:50 PM
  4. Preventing exceptions
    By ieoj31 in forum New To Java
    Replies: 3
    Last Post: 11-15-2010, 01:33 PM
  5. Java reflection: find serializable classes in package
    By andrew222 in forum Advanced Java
    Replies: 2
    Last Post: 02-27-2010, 07:36 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules