可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
In Java the private
access modifier consider as safe since it is not visible outside of the class. Then outside world doesn't know about that method either.
But I thought Java reflection can use to break this rule. Consider following case:
public class ProtectedPrivacy{
private String getInfo(){
return "confidential";
}
}
Now from another class I am going to get Info:
public class BreakPrivacy{
public static void main(String[] args) throws Exception {
ProtectedPrivacy protectedPrivacy = new ProtectedPrivacy();
Method method = protectedPrivacy.getClass().getDeclaredMethod("getInfo", null);
method.setAccessible(true);
Object result = method.invoke(protectedPrivacy);
System.out.println(result.toString());
}
}
At this moment I just thought still private method safe since to do some thing like above we must know method name. But if class which contain private method written by some one else we don't have visibility of those.
But my point become invalid since below line of code.
Method method[] = new ProtectedPrivacy().getClass().getDeclaredMethods();
Now this method[]
contains all the things need to do above thing. My question is, is there a way to avoid this kind of things doing using Java reflection?
I am quote some point from Java Documentation to clarify my question.
Tips on Choosing an Access Level:
If other programmers use your class, you want to ensure that errors
from misuse cannot happen. Access levels can help you do this.Use the
most restrictive access level that makes sense for a particular
member. Use private unless you have a good reason not to.
回答1:
It depends on what you mean by "safe". If you're running with a security manager that allows this sort of thing, then yes, you can do all kinds of nasty things with reflection. But then in that kind of environment the library can probably just be modified to make the method public anyway.
Access control is effectively "advisory" in an environment like that - you're effectively trusting the code to play nicely. If you don't trust the code you're running, you should use a more restrictive security manager.
回答2:
Access modifiers have nothing to do with security. In fact you can and should look at access modifiers as the reverse of security -- it is not to protect your data or algorithims, it is to protect people from the requirement to know about your data and algorithims. This is why the default modifier is package -- if they are working on the package they probably already need to know.
Along with the knowledge of the data and the methods of your code, comes the responibility to know when and how to use it. You don't put private on your inIt method to keep someone from finding out about it, you do so because (a) they aren't going to know that you only call that after foo and only if bar = 3.1415 and (b) because it does them no good to know about it.
Access modifers can be summed up in a simple phrase "TMI, dude, I so didn't need to know that".
回答3:
By saying 'safe', you are protecting you or other developers, which are using your API to not harm the object by calling your private method. But if you or they really need to call this method, they can do it with Reflection.
回答4:
The question is who are you trying to save it from. In my opinion, such a client of your code is the one at a loss here.
Any piece of code (written by you or others) which tries to access a private
member of the above class is essentially digging its own grave. private
members don't make a part of the public API and are subject to change without notice. If a client happens to consume one of such private members in the manner given above, it's going to break if it upgrades to a newer version of the API in which the private member got modified.
回答5:
With facility, there comes responsibility. There are thing's you can't do, & things you can do but you shouldn't do.
Private modifier is provided/used as/in the most restricted manner. Members which should not be visible outside the class shall be defined as private. But this can be broken with Reflection as we see. But this does not mean that you should not use private - or they are unsafe. It is about you shall use things judiciously or in constructive manner (like reflection).
回答6:
Assuming you trust the client programmer of your API, another way of looking at is how 'safe' it is for them to use those particular functions.
Your publicly available functions should provide a clear, well-documented, rarely-changing interface into your code. Your private functions can be considered an implementation detail and may change over time, so are not safe to use directly.
If a client programmer goes out of their way to circumvent these abstractions, they are in a way declaring that they know what they are doing. More importantly, they understand that it is unsupported and may stop working with future versions of your code.
回答7:
private
is not for security, it is to keep the code clean and to prevent mistakes. It allows users to modularize the code (and how it is developed) without having to worry about all the details of the other modules
Once you release your code, people can figure out how it works. There's no way to "hide" the logic if you eventually want the code to run on a computer. Even compiling to binary is jsut a level of obfuscation.
So, there's no way that you can set up your API to do special things that you don't want others to be able to call. In the case of a web API, you could put the methods you want control over on the server side.