Timeline for Class with members that are mutable during creation but immutable afterwards
Current License: CC BY-SA 3.0
11 events
| when | what | action | by | license | comment |
|---|---|---|---|---|---|
| Jul 28, 2015 at 6:29 | comment | added | Neil | | The problem with using the word "security" is that immediately someone assumes that what I say to be the more secure option is equivalent to maximum security and best practice. I never said either. If you're handing the library for someone to use, unless obfuscated (and sometimes even when obfuscated), you can forget about guaranteeing security. However, I think we can all agree on the fact that if you're tampering with a returned facade object using reflection in order to retrieve the internal object contained within that you're not exactly using the library as it should be used. |
| Jul 27, 2015 at 23:02 | comment | added | Joshua | | Don't write constructs that depend on partially trusted code for security. Partial trust is just not wanted. |
| Jul 27, 2015 at 19:48 | comment | added | Esben Skov Pedersen | | Kevin1 you can say that about all encapsulations. I'm not trying to protect against reflection. |
| Jul 27, 2015 at 18:19 | comment | added | Kevin | | @Esben: You still have to contend with MS07-052: Code execution results in code execution. Your code is running in the same security context as their code, so they can just attach a debugger and do whatever they wish. |
| Jul 27, 2015 at 18:18 | comment | added | Esben Skov Pedersen | | The security problem can be neatly solved with a private class |
| Jul 27, 2015 at 15:55 | comment | added | MTilsted | | Security is not better by returning a "read only" object, because the code which gets the object can still modify the object using reflection. Even a string can be modified (not copied, modified in-place) using reflection. |
| Jul 27, 2015 at 12:38 | history | edited | Neil | CC BY-SA 3.0 | added 515 characters in body |
| Jul 27, 2015 at 12:19 | history | edited | Neil | CC BY-SA 3.0 | added 7 characters in body |
| Jul 27, 2015 at 10:45 | history | edited | Neil | CC BY-SA 3.0 | added 857 characters in body |
| Jul 27, 2015 at 9:52 | vote | accept | Paul Richards | ||
| Jul 28, 2015 at 8:06 | |||||
| Jul 27, 2015 at 9:15 | history | answered | Neil | CC BY-SA 3.0 |