"adrian(a)jboss.org" wrote : "alesj" wrote : "adrian(a)jboss.org" wrote : In case its not clear | | Nope, not clear. :-) | | OK, I'm glad I didn't introduce security hole :-), but I don't see why your example will fail with the current code? | | | | It won't fail with the current code. | It won't fail, but it's still not a security hole? Why? Since the one who already wanted to call setAccessible on the initial field won't be able to do that anyway via RFII, where the caller and the field instance are the same? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137056#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...