In C# or Java, even though we mark methods as private, they can still be accessed using reflection, i.e. by dynamically loading the class. Of course we should know the method name to get hold of it. But still I was wondering how safe is an application which is meant to secure a private database or bank account etc., which can still be hacked using reflection. My question here is: why is it allowed to access the variables/methods even though they are private?
+3
A:
Even if reflection didn't exist, getting data from within a virtual machine would be pretty trivial for a determined hacker. The existence of reflection is an acknowledgement from the creators of these languages that a) it's extraordinarily convenient in some special cases and b) private methods by no means ensure security. Instead, to secure private data such as bank account information, further means of indirection should be used, such as storing the data in a remote database and providing a query mechanism with an aggressive ACL.
ysimonson
2010-01-29 05:42:11
@ysimonson Thanks for the information.
Ravisha
2010-01-29 13:43:37
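The point made in the answer, as an added example that is not part of the original thread: reflection reads a `private` field held in the same JVM, while the design the answer recommends keeps the secret behind a query interface with an ACL. All class names, the sample account number and the ACL entries are constructed for illustration, and `RemoteStore` is an in-process stand-in for a database on another host.

```java
import java.lang.reflect.Field;
import java.util.Map;
import java.util.Set;

// Design 1: the secret lives in a private field of an in-process object.
class LocalAccount {
    private final String accountNumber = "ACCT-0000-EXAMPLE"; // constructed sample value
}

// Design 2: stand-in for a remote database (assumption: in a real deployment this
// runs on another host, so its memory is out of reach of reflection in the client JVM).
class RemoteStore {
    private static final Map<String, String> DATA = Map.of("acct-1", "ACCT-0000-EXAMPLE");
    private static final Map<String, Set<String>> ACL = Map.of("acct-1", Set.of("teller"));

    static String query(String principal, String recordId) {
        Set<String> allowed = ACL.getOrDefault(recordId, Set.of());
        if (!allowed.contains(principal)) {
            throw new SecurityException("access denied for " + principal);
        }
        return DATA.get(recordId);
    }
}

// The client-side object holds only a record id, never the secret itself.
class RemoteAccountHandle {
    private final String recordId = "acct-1";
}

public class PrivateIsNotASecurityBoundary {
    // Reads a private instance field by name, the way the question describes.
    static Object readPrivate(Object target, String fieldName) throws ReflectiveOperationException {
        Field f = target.getClass().getDeclaredField(fieldName);
        f.setAccessible(true); // switches off the language-level access check
        return f.get(target);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("local field via reflection:  " + readPrivate(new LocalAccount(), "accountNumber"));
        System.out.println("handle field via reflection: " + readPrivate(new RemoteAccountHandle(), "recordId"));
        try {
            RemoteStore.query("guest", "acct-1"); // principal not on the ACL
        } catch (SecurityException e) {
            System.out.println("server-side ACL: " + e.getMessage());
        }
        System.out.println("authorized query: " + RemoteStore.query("teller", "acct-1"));
    }
}
```

With the first design, reflection returns the account number itself; with the second it returns only the record id, and the decision to release the data is made by the ACL check on the store's side.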