From: "Ke-Qiang Liao" <Ke-Qiang.Liao.kqliao@nt.com>
To: "'Roland.Schemers@Eng.Sun.COM'" <Roland.Schemers@Eng>, Li.Gong@Eng
Subject: RE: HELP: checkPackageAccess
Date: Mon, 4 May 1998 12:53:48 -0400
Hi all,
> -----Original Message-----
> From: Roland.Schemers@Eng.Sun.COM [SMTP:Roland.Schemers@Eng.Sun.COM]
> Sent: Saturday, May 02, 1998 5:02 AM
> To: Li.Gong@Eng.Sun.COM
> Cc: Liao, Ke-Qiang [CAR:AT14:EXCH]; java-security@web4.javasoft.com
> Subject: Re: HELP: checkPackageAccess
>
> I think he is trying to ask if you reference the public class and it
> in turn references the private class, does checkPackageAccess get
> called once or twice.
>
Yes, it was my question.
> The answer is once because classes loaded
> by the system class loader do not invoke checkPackageAccess.
>
> At least that is how I read it :-) I could be wrong...
>
> roland
>
> >
> > I am not sure what you are driving at. RMI uses checkPackageAccess(),
> > but classloader does not, or at least from my quick look over the code.
> >
> > Back one-level up, what does it matter if it is checked once or twice?
> > What is the problem you are encountering?
> >
The idea was to allow applets to access only a public
interface (not in Java sense) and the direct access
to the private part is blocked by using checkPackageAccess().
This way would simplify the implementation of the
SecurityManager and we only need to implement security hooks
in the public part. The system would be more efficient
(with less security checking) and safer (with less
security checking and then possibly fewer security holes
caused by implementation bugs).
Evidently, I would not like to see the case where an applet
passes successfully the security checking at the public
package access level and fails at the private package
access level (if checkPackageAccess() is called twice).
Thanks for your answers,
Christian