You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jdo-dev@db.apache.org by Craig L Russell <Cr...@Sun.COM> on 2006/03/06 18:34:41 UTC
jdoNewInstance static
Hi Erik,
On Mar 6, 2006, at 8:56 AM, Erik Bengtson wrote:
> An alternative is making jdoNewInstance static, which would mean,
> no more calls
> to JDOImplHelper. That would definitily solve all issues related to
> it.
Unfortunately, this would be a security exposure, since it would
allow a malicious user to create a new instance of a persistence
capable class without a security check. The current scheme is
designed for high performance in a secure environment.
Craig
Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:Craig.Russell@sun.com
P.S. A good JDO? O, Gasp!