
String is final and security.


  • From: boazbk@xxxxxxxxxxxxxx (Boaz Barak)
  • Subject: String is final and security.
  • Date: Thu, 17 Sep 1998 08:38:36 +0200

>> I put my neato net-connected String into a package of tempting
>> classes that you find irresistible to use

That argument could be made for any package of useful classes, not
necessarily one that subclasses standard Java classes. Here Java security
only helps, and allows you to control net connections for foreign code (in
contrast with C/C++).


2 guesses:

1) Perhaps java.lang.String is final because of performance issues -
allowing optimizing uses of string and string concatenation in ways otherwise
not possible?
2) String may be final to preserve the property of being immutable, for
performance or security reasons -
Perhaps by having mutable Strings you can mess up hash-tables and such in
unsecure ways (pass a string as a parameter and then change it).


----- Original Message -----
From: Ted Neward <ted@xxxxxxxxxx>
To: Mahlen Morris <mahlen@xxxxxxxxxxxxx>; Advanced Java
<advanced-java@xxxxxxxxxxxxxxxx>
Sent: Thursday, September 16, 1999 22:20
Subject: Re: String is final and security.


> But we could make the same argument with Vectors, Lists, HashTables, .....
>
> Ted Neward
> Patterns/C++/Java/CORBA/EJB/COM-DCOM spoken here
> http://www.javageeks.com/~tneward
>  "I don't even speak for myself; my wife won't let me." --Me
>
> -----Original Message-----
> From: Mahlen Morris <mahlen@xxxxxxxxxxxxx>
> To: Advanced Java <advanced-java@xxxxxxxxxxxxxxxx>
> Date: Thursday, September 16, 1999 11:57 AM
> Subject: String is final and security.
>
>
> >I'm guessing here, but suppose I wrote a String class that overrode
> >java.lang.String. My string class has the neat feature of making a net
> >connection to my server and sending me every String that gets created. I put my
> >neato net-connected String into a package of tempting classes that you find
> >irresistible to use, so not only do you use it internally, but you ship it to
> >all your customers. Now suppose that passwords, credit card numbers, details of
> >your kinky and complicated romantic life, and your idea for the Great American
> >Company end up as Strings at some point or another. All of those strings have
> >been sent to me.
> >
> >I'm not sure the above scenario is really possible, but I can see going out of
> >my way to make it not possible.
> >
> >mahlen
> >
> >Mars is essentially in the same orbit...somewhat the same distance from the
> >Sun, which is very important.  We have seen pictures where there are canals,
> >we believe, and water.  If there is water, that means there is oxygen.  If
> >oxygen, that means we can breathe.
> >        --V.P. Dan Quayle
> >
> >Mitch Gart wrote:
> >>
> >> Does anybody remember why subclassing String would be a
> >> security risk?  I'm getting curious.
> >>
> >> - Mitch
> >> - mgart at netegrity dot com
> >>
> >> ---
> >> To unsubscribe, mail advanced-java-unsubscribe@xxxxxxxxxxxxxxxx
> >> To get help, mail advanced-java-help@xxxxxxxxxxxxxxxx


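The second guess in the reply above (a mutable string upsetting a hash table, or being changed after it was passed as a parameter) can be shown with a stand-in type, since `java.lang.String` itself cannot be made mutable. This is an added example, not code from the thread; `MutableText`, `openUnchecked`, `openSnapshot` and the paths are hypothetical names constructed for the illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class MutableStringDemo {
    // Hypothetical mutable text type, standing in for a String that could be changed.
    static final class MutableText {
        private final StringBuilder chars;
        MutableText(String s) { chars = new StringBuilder(s); }
        void set(String s) { chars.setLength(0); chars.append(s); }
        @Override public String toString() { return chars.toString(); }
        @Override public int hashCode() { return toString().hashCode(); }
        @Override public boolean equals(Object o) {
            return o instanceof MutableText && toString().equals(o.toString());
        }
    }

    // Check-then-use on the caller's mutable object: check and use can see different values.
    static String openUnchecked(MutableText path, Runnable callerCode) {
        if (!path.toString().startsWith("/public/")) throw new SecurityException("denied");
        callerCode.run();        // stands in for caller code running between check and use
        return path.toString();  // the value is read again after the check
    }

    // Same check on an immutable String snapshot: later changes by the caller have no effect.
    static String openSnapshot(MutableText path, Runnable callerCode) {
        String snapshot = path.toString();
        if (!snapshot.startsWith("/public/")) throw new SecurityException("denied");
        callerCode.run();
        return snapshot;
    }

    public static void main(String[] args) {
        // Hash table: the key is changed after insertion, so the entry stays filed
        // under its old hash while equals() now compares against the new contents.
        Map<MutableText, String> table = new HashMap<>();
        MutableText key = new MutableText("alice");
        table.put(key, "entry for alice");
        key.set("bob");
        System.out.println("lookup alice: " + table.get(new MutableText("alice")));
        System.out.println("lookup bob:   " + table.get(new MutableText("bob")));
        System.out.println("table size:   " + table.size());

        // Parameter changed after the check (constructed paths).
        MutableText p1 = new MutableText("/public/readme.txt");
        System.out.println("unchecked: " + openUnchecked(p1, () -> p1.set("/private/secret.txt")));
        MutableText p2 = new MutableText("/public/readme.txt");
        System.out.println("snapshot:  " + openSnapshot(p2, () -> p2.set("/private/secret.txt")));
    }
}
```

With an immutable, final `String` the snapshot step is unnecessary, because the value a method checks is guaranteed to be the value it later uses.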