问题描述
虽然可以更改passwordHash字段的最终修饰符。
With the final keyword, you would expect that no malicious code would be able to change the variable passwordHash. However, using reflection it is possible to change the final modifier on the passwordHash field.
最终提供任何真正的安全性,还是只是安慰剂?
So does 'final' provide any real security, or is it just placebo?
编辑:
有一些非常有趣的讨论,我希望我能接受不止一个答案。感谢大家的意见。
There is some really interesting discussion, and I wish I could accept more than one answer. Thanks everyone for your input.
推荐答案
在'经受住攻击'的意义上,这不是'安全';它更像是更难搞乱。
It's not 'security' in the sense of 'withstanding an attack'; it's more like 'harder to mess up by mistake'.
我更喜欢安全这个词;我觉得它更像是防止意外,而不是恶意。
I prefer the word 'safety'; i feel its more like preventing an accident, not malice.
这篇关于Java'final'关键字是否真正提高了安全性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!