Results 1 to 2 of 2
- 04-14-2012, 03:38 AM #1
Preventing dynamically loaded classes from using reflection
I'm writing a program that will allow the user to dynamically load and execute classes that extend a certain class. Plugins, basically. I want to prevent those classes (or the threads running them, if that's the way to do it) from using reflection to access parts of the program they shouldn't. I want to apply these restrictions to every class loaded by my custom ClassLoader.
I found a thread on SO that suggests it might be possible. But I don't really know where to start reading. Everything I'm finding is about applet permissions. Any pointers?
Edit: Here's a person with a similar question. But I don't understand or trust the solution. It seems kind of hackish. And this thread looks promising, but it's a lot to take in and the commenters were conflicted about the right way to do it.
Last edited by kjkrum; 04-14-2012 at 03:46 AM.Get in the habit of using standard Java naming conventions!
- 04-14-2012, 12:54 PM #2
Re: Preventing dynamically loaded classes from using reflection
The last link: this thread using a SecurityManager and testing the Permissions looks like a good possibility.
You're right about the details mention at that link. It does look complicated. It seems that "hackers" find ways around a lot of security barriers. You should be able to raise the security bar high enough to keep out most programmers.
Last edited by Norm; 04-14-2012 at 12:58 PM.If you don't understand my response, don't ignore it, ask a question.
- By SFNYC in forum EclipseReplies: 0Last Post: 06-30-2011, 03:46 PM
- By ~ in forum Advanced JavaReplies: 1Last Post: 04-27-2011, 04:06 AM
- By bobocheez in forum New To JavaReplies: 11Last Post: 01-05-2011, 05:50 PM
- By ieoj31 in forum New To JavaReplies: 3Last Post: 11-15-2010, 01:33 PM
- By andrew222 in forum Advanced JavaReplies: 2Last Post: 02-27-2010, 07:36 AM