[jboss-dev-forums] [Design the new POJO MicroContainer] - Re: Field injection
adrian@jboss.org
do-not-reply at jboss.com
Mon Mar 17 09:11:44 EDT 2008
This is a security hole:
| /**
|  * Set the field
|  *
|  * @param field the field
|  */
| public void setField(Field field)
| {
|    this.field = field;
|    if (isPublic() == false && field != null)
|       field.setAccessible(true);
| }
|
| /**
|  * Get the field
|  *
|  * @return the field
|  */
| public Field getField()
| {
|    return field;
| }
|
e.g.
| java.lang.reflect.Field field = ...; // I can't do setAccessible
| ReflectFieldInfoImpl impl = new ReflectFieldInfoImpl();
| impl.setField(field); // So I'll use this hole
| field = impl.getField(); // This should have an access check
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137042#4137042
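One way to add the access check the post asks for, as an added example that is not the JBoss code. `GuardedFieldHolder` is a hypothetical stand-in for the posted class, and gating `getField()` on `ReflectPermission("suppressAccessChecks")` is an assumption about which check is appropriate; it only takes effect on a JVM that runs with a SecurityManager.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.lang.reflect.ReflectPermission;

// Hypothetical stand-in for the class in the post; not the JBoss source.
public class GuardedFieldHolder {
    // The permission a caller needs to call setAccessible(true) directly.
    private static final ReflectPermission SUPPRESS =
            new ReflectPermission("suppressAccessChecks");

    private Field field;
    private boolean openedHere; // true if this holder called setAccessible(true)

    public void setField(Field field) {
        this.field = field;
        openedHere = false;
        // Same behaviour as the posted setter: non-public fields are opened up.
        if (field != null && !Modifier.isPublic(field.getModifiers())) {
            field.setAccessible(true);
            openedHere = true;
        }
    }

    // Hand out the opened Field only to callers that could have opened it
    // themselves; checkPermission inspects every frame on the call stack.
    @SuppressWarnings("removal")
    public Field getField() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null && openedHere)
            sm.checkPermission(SUPPRESS); // throws SecurityException if denied
        return field;
    }

    // Constructed sample target with a private field.
    static class Account { private String secret = "constructed-sample"; }

    public static void main(String[] args) throws Exception {
        GuardedFieldHolder holder = new GuardedFieldHolder();
        holder.setField(Account.class.getDeclaredField("secret"));
        // With no SecurityManager installed the check is skipped; with one,
        // this line needs suppressAccessChecks in every caller's domain.
        Field f = holder.getField();
        System.out.println(f.getName() + " = " + f.get(new Account()));
    }
}
```

Trusted container code that needs the field on behalf of a less privileged caller would wrap its own use in `AccessController.doPrivileged` rather than relaxing the check in `getField()`.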