[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-openjfx-dev
Subject: API REVIEW: RT-23888, Make PopupFeatures and PromptData final
From: richard.bair () oracle ! com (Richard Bair)
Date: 2012-08-31 22:51:54
Message-ID: EC299338-E0EA-455C-B3F6-8F222AD72239 () oracle ! com
[Download RAW message or body]
> I agree with the other guys that final classes are annoying for us, but if they are \
> needed to make things better then so be it.
> I think the emotive responses might be a result of us not knowing/understanding the \
> benefits of the final usage and therefore only being able to assess it by its \
> negative aspects.
> > The security problem with non-final classes has to do with attacks related to \
> > hacking finalizers, equals, hash code, and serialization from a sub class.
>
> Can you elaborate on this? Let's say I was a malicious, Hollywood-style hacker. \
> What kind of damage could I do and how would I do that damage via some non-final \
> class (the 'animation' ones for example caused me much grief by being final).
http://www.oracle.com/technetwork/java/seccodeguide-139067.html
And now that you have this power, please use it for good and help us find security \
bugs before they hit the net. BTW, if you do find such a bug, email me privately \
before publicizing to the world ;-).
Richard
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic