You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jdo-dev@db.apache.org by Craig L Russell <Cr...@Sun.COM> on 2006/03/06 18:34:41 UTC

jdoNewInstance static

Hi Erik,

On Mar 6, 2006, at 8:56 AM, Erik Bengtson wrote:

> An alternative is making jdoNewInstance static, which would mean,  
> no more calls
> to JDOImplHelper. That would definitily solve all issues related to  
> it.

Unfortunately, this would be a security exposure, since it would  
allow a malicious user to create a new instance of a persistence  
capable class without a security check. The current scheme is  
designed for high performance in a secure environment.

Craig

Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:Craig.Russell@sun.com
P.S. A good JDO? O, Gasp!