问题描述
学习Java我有时被教导使用私有访问修饰符,以免将敏感信息暴露给其他类,好像这可能会打开一个合法的安全漏洞。但我从来没有遇到过限制成员可见性不仅仅是以面向对象的方式建模程序的便利的情况。
Learning Java I was sometimes taught to use the private access modifier so as not to expose "sensitive information" to other classes, as if this could open a legitimate security hole. But I've never encountered a situation in which restricting member visibility was more than a convenience for modelling a program in an object-oriented fashion.
是 private Java类中的字段和函数实际上比其他方式更安全吗?
Are private fields and functions in Java classes actually more "secure" than otherwise?
编辑 - 最佳答案汇编。
EDIT -- Compilation of best answers.
为何私人并不意味着安全:
- 反编译器允许静态查看字节码
- reflection 库允许运行时访问私有成员
- decompilers allow static look at bytecode
- reflection library allows runtime access to private members
什么是私有适用于:
- 由于强制方法级访问而导致的代码可维护性
- 模块化代码隐藏实现细节
- maintainability of code due to forcing method-level access
- modularity of code by hiding implementation details
推荐答案
我从来没有听说过 - 在任何严肃的意义上 - 作为一个安全问题。我的意思是,反编译工作。您可以使用它们来弄清楚字节码内部发生了什么。
I've never heard of it -- in any serious sense -- as a security issue. I mean, decompilers work. You can use them to figure out what's going on inside the bytecode.
拥有 private 成员是一个可维护性问题。如果我只给你方法级访问我的内部,那么我唯一的责任是确保我的API方法继续工作。我不会在内部使用 Double 而不是 BigDecimal ,只要我的方法继续返回 Double s(例如)。
Having private members is a maintainability issue. If I only give you method-level access to my internals, then my only responsibility is to ensure that my API methods continue to work. I'm not locked into using a Double versus a BigDecimal on the insides, so long as my methods continue to return Doubles (for instance).
这篇关于私人成员真的更“安全”吗?在Java?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!