Private fields, not really private?
Offline P0jahn




« Posted 2014-08-20 18:05:35 »

Since we can access private fields (and probably methods as well, haven't checked) with reflection, they are not really private.

http://docs.oracle.com/javase/7/docs/api/java/lang/reflect/Field.html#get(java.lang.Object)
http://docs.oracle.com/javase/7/docs/api/java/lang/reflect/Field.html#set(java.lang.Object,%20java.lang.Object)

and

field.setAccessible(true);

Is there a way to make a field 100% private?
Offline thedanisaur
« Reply #1 - Posted 2014-08-20 18:13:28 »

What are you worried about? In a devenv if someone is mucking around in the code, private is never really private anyway. If you're worried about someone stealing info then the only way to keep it safe is on the server side.

Every village needs an idiot
Offline KevinWorkman



« Reply #2 - Posted 2014-08-20 18:13:38 »

Reflection comes with a pretty big "you can use this to break the rules" warning, so it's not really something you can -or should- worry about.

I mean, you can change the String that a String Object holds, and if you can do that, then pretty much all bets are off.

Static Void Games - Play indie games, learn game programming, upload your own games!
Offline P0jahn




« Reply #3 - Posted 2014-08-20 18:29:55 »

Quote from KevinWorkman: "I mean, you can change the String that a String Object holds, and if you can do that, then pretty much all bets are off."

Ain't that a big security risk?

It seems like reflection is "too strong".
Offline tkausl




« Reply #4 - Posted 2014-08-20 18:32:09 »

Well, since Java is decompilable, there is no "security" in Java; if someone wants to steal something, he will just do it.

My English isn't that great. Correct me if you want, I'm still learning this language.
Offline BurntPizza




« Reply #5 - Posted 2014-08-20 18:34:42 »

Nothing is safe.

http://codegolf.stackexchange.com/a/28818/20169
Offline thedanisaur
« Reply #6 - Posted 2014-08-20 18:35:21 »

Technically if software is client side all bets are off anyway, there are a ton of tools for breaking software.

Every village needs an idiot
Offline kevglass



« Reply #7 - Posted 2014-08-20 18:36:22 »

In most environments where it matters there's a security manager running that prevents use of setAccessible()

Kev
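
Added example, not part of any post in this thread: a small Java program showing the reflective write the first post describes, and how a runtime check of the kind kevglass mentions turns the same call into an exception. `Wallet` and `tryOpen` are hypothetical names; the `String.value` attempt is denied with InaccessibleObjectException on JDK 16 and later (module encapsulation) and with SecurityException under a security manager that withholds ReflectPermission("suppressAccessChecks"), but succeeds on older JDKs without one.

```java
import java.lang.reflect.Field;

// Hypothetical class standing in for client-side state a developer hoped was hidden.
final class Wallet {
    private int coins = 10;
    int coins() { return coins; }
}

public class PrivateFieldDemo {

    // Tries to lift the access check on a declared field and reports the outcome.
    static String tryOpen(Class<?> owner, String fieldName) {
        String label = owner.getSimpleName() + "." + fieldName;
        try {
            Field f = owner.getDeclaredField(fieldName);
            f.setAccessible(true); // the call quoted in the first post
            return label + ": opened";
        } catch (NoSuchFieldException e) {
            return label + ": no such field";
        } catch (RuntimeException e) {
            // SecurityException (security manager) or
            // InaccessibleObjectException (module encapsulation)
            return label + ": denied by " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Same application, same module: "private" is only a compile-time rule here.
        Wallet w = new Wallet();
        Field coins = Wallet.class.getDeclaredField("coins");
        coins.setAccessible(true);
        coins.setInt(w, 9999);
        System.out.println("Wallet.coins after reflective write: " + w.coins());

        // Application class versus a JDK internal field (the String case from reply #2).
        System.out.println(tryOpen(Wallet.class, "coins"));
        System.out.println(tryOpen(String.class, "value"));
    }
}
```

Neither check protects `Wallet` from whoever controls the JVM: launch flags such as `--add-opens` reopen encapsulated packages, which is why the replies point to keeping sensitive data on the server side.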

Offline KevinWorkman



« Reply #8 - Posted 2014-08-20 18:45:05 »

Quote from P0jahn: "Ain't that a big security risk?

It seems like reflection is "too strong"."

Anything that happens on the client side should be viewed as pretty much open to the client, including private variables, algorithms, passwords, etc.

What are you trying to do? What exactly are you afraid will happen?

Static Void Games - Play indie games, learn game programming, upload your own games!
Offline jmguillemette
« Reply #9 - Posted 2014-08-20 20:43:07 »

Are you afraid someone will use reflection to "hack" your application?

-=Like a post.. give the author a medal!=-
Offline basil_




« Reply #10 - Posted 2014-08-20 21:02:13 »

We can make variables more safe by not using plain Java objects/fields and using Unsafe instead.

Still accessible by the client by simply reading the pointer, but the content would not appear in heap dumps. See http://mishadoff.github.io/blog/java-magic-part-4-sun-dot-misc-dot-unsafe/ chapter "Hide Password".

In the end you can use Unsafe to do even more evil things than with reflection, but also more efficiently.
Offline arnaud_couturier
« Reply #11 - Posted 2014-08-21 00:05:21 »

In object programming, being private doesn't mean safe from a security standpoint.
Private means that developers of other classes should not know about, and mess with, that private entity. Then the compiler makes sure that rule is followed. It only "secures" programmers among themselves, to allow them not to shoot themselves in the foot while they develop. That's all.

If you want security, you'll have to employ much more advanced techniques, such as in-memory encryption etc...
Have a look at client-side password managers (like KeePass) for an idea of how it's done.
Offline Roquen
« Reply #12 - Posted 2014-08-21 07:51:56 »

If a person has access to the code and data... security is impossible, regardless of language written in. They have all information needed.