7 lines
678 B
Plaintext
7 lines
678 B
Plaintext
=== on 6 Oct 2015, 19:33:30 Ann Campbell wrote:
|
|
\[~nicolas.peru], _http://www.securingjava.com/chapter-seven/chapter-seven-1.html[Securing Java]_ (see Rule 5) says that inner classes (presumably only non-``++static++``) are security holes because the compiler translates them to ordinary classes with ``++package++`` accessibility, and "upgrades" the owning's class's ``++private++`` member visibility to ``++package++``.
|
|
|
|
|
|
The upshot is a recommendation against using inner classes. Since those problems go away if the inner class is ``++static++``, I'm wondering whether to combine "Don't use non-static inner classes" with this rule or handle it in a separate RSpec. WDYT?
|
|
|