[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-openjfx-dev
Subject:    API REVIEW: RT-23888, Make PopupFeatures and PromptData final
From:       richard.bair () oracle ! com (Richard Bair)
Date:       2012-08-31 22:51:54
Message-ID: EC299338-E0EA-455C-B3F6-8F222AD72239 () oracle ! com
[Download RAW message or body]

> I agree with the other guys that final classes are annoying for us, but if they are \
> needed to make things better then so be it.  
> I think the emotive responses might be a result of us not knowing/understanding the \
> benefits of the final usage and therefore only being able to assess it by its \
> negative aspects.  
> > The security problem with non-final classes has to do with attacks related to \
> > hacking finalizers, equals, hash code, and serialization from a sub class.
> 
> Can you elaborate on this? Let's say I was a malicious, Hollywood-style hacker. \
> What kind of damage could I do and how would I do that damage via some non-final \
> class (the 'animation' ones for example caused me much grief by being final).

http://www.oracle.com/technetwork/java/seccodeguide-139067.html

And now that you have this power, please use it for good and help us find security \
bugs before they hit the net. BTW, if you do find such a bug, email me privately \
before publicizing to the world ;-).

Richard


[prev in list] [next in list] [prev in thread] [next in thread]