db-jdo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig L Russell <Craig.Russ...@Sun.COM>
Subject jdoNewInstance static
Date Mon, 06 Mar 2006 17:34:41 GMT
Hi Erik,

On Mar 6, 2006, at 8:56 AM, Erik Bengtson wrote:

> An alternative is making jdoNewInstance static, which would mean,  
> no more calls
> to JDOImplHelper. That would definitily solve all issues related to  
> it.

Unfortunately, this would be a security exposure, since it would  
allow a malicious user to create a new instance of a persistence  
capable class without a security check. The current scheme is  
designed for high performance in a secure environment.


Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:Craig.Russell@sun.com
P.S. A good JDO? O, Gasp!

View raw message