[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug classpath/25727] Hashtable is not secure
|
From: |
subanark at gmail dot com |
|
Subject: |
[Bug classpath/25727] Hashtable is not secure |
|
Date: |
9 Jan 2006 19:21:48 -0000 |
------- Comment #2 from subanark at gmail dot com 2006-01-09 19:21 -------
That is in fact the point of why Sun's Hashtable does this.
The class I presented FakeKey is in fact trying to trick the map into giving it
a value for the secure key, which is designed to be a private key.
If we take a simple wrapper class:
public class SimpleMap
{
private Hashtable map = new Hashtable();
public Object get(Object key)
{
return map.get(key);
}
public void put(Object key,Object value)
{
map.put(key,value);
}
}
Then if some code puts a key/value into the map, only code that has access to
the key, or key that the key claims is equal to another key can access the
value. If we use a HashMap instead, then any code will have access to the value
provided it can make its own key that claims to be equal to the currently
stored key. Also the code can change such value.
Right now If I decide to put a private Object as a key into a JComponent using
putClientProperty, I can be guarenteed that noone will have access to that
value, with Classpath I cannot gunarentee that.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25727
- [Bug classpath/25727] New: Hashtable is not secure, subanark at gmail dot com, 2006/01/09
- [Bug classpath/25727] Hashtable is not secure, pinskia at gcc dot gnu dot org, 2006/01/09
- [Bug classpath/25727] Hashtable is not secure,
subanark at gmail dot com <=
- [Bug classpath/25727] Hashtable is not secure, jeroen at frijters dot net, 2006/01/10
- [Bug classpath/25727] Hashtable is not secure, jeroen at frijters dot net, 2006/01/10
- [Bug classpath/25727] Hashtable is not secure, cvs-commit at developer dot classpath dot org, 2006/01/10
- [Bug classpath/25727] Hashtable is not secure, pinskia at gcc dot gnu dot org, 2006/01/28