I like this article the best: See here as it tells you the detail.
Oh, nowadays you can do Class.forName() and invoke any method? How silly is that! This reflection thing looks like recipe for disaster. People are adding more and more to Java without remembering its original goals? Can someone interview James Gosling please. I'd like to see what he thinks... and just how he is doing in career after Sun.
Yikes this is a big punch in the eyes for Java...
Oracle offered a fix now. But who knows if there are more undiscovered loopholes? Even Microsoft doesn't get this much concern about security from the Department Homeland Security.
No comments:
Post a Comment