Even a chimp can write code

Friday, August 20, 2004

Package sealing

One has frequently encountered a surfeit of protected methods within classes, where there is no need for that level of access. Instance variables inadvertently exposed by a class could be changed by malicious code or even by accident. While the correct approach would be to scan through your code and clean up such occurences (by making them package protected or even private, as the case may be), one can adopt the package sealing feature for added security.

To guarantee that all classes in a package come from the same source code, add an entry like this to the JAR's Manifest file:

Name: org/nerddawg/util/
Sealed: true

The value across the Name header represents the package name (notice the trailing slash). When the classloader needs to load a class from such a sealed package, it recognizes that classes from within that package can only be loaded from that JAR file.

Email this | Bookmark this


Post a Comment | Home | Inference: my personal blog