Encapsulation vs Security
Here’s my ten-word review of Joshua Bloch’s Effective Java: If You Write Java, You Need To Read This Book.
I wanted to say that up front, because I’m about to talk at great length about one of its shortcomings, which would give the impression, purely by wordcount, that I don’t think it’s a good book. This is just a reflection of how many more words it takes to explain a negative point than a positive one. The book is irrefutably useful and you should read it (if you write Java).
To give the issue a bit of context, here’s a fact that I was only dimly aware of before doing some mid-reading research:
If you get the security settings right, the Java Virtual Machine guarantees access control.
If you declare a field private, and you’re running a trusted JVM, and the security manager is set to disallow JNI and changing accessibility through reflection and a handful of other things, then you can run untrusted third-party code in the same process and even pass those objects to the untrusted code and it will never be able to get at the private field.
This is such a big deal that I don’t understand why it isn’t a bigger deal. It’d be impossible to make this kind of claim in a natively compiled language, because you can always pointer-arithmetic your way to the private data. Python makes only the vaguest of gestures in the direction of information hiding, and certainly doesn’t guarantee it. Maybe C# and the rest of the .NET family make some guarantees, I’m not sure (although whether you’d trust Microsoft to get the security right is a different story (but then, the same question should be asked of Sun Oracle)).
Here’s the issue though. This means that access control in Java actually has two different (although overlapping) purposes: encapsulation, and security. And they’re not the same thing.
Encapsulation is about reducing the complexity and increasing the abstraction of classes by hiding their implementation. Security is about stopping people from seeing or changing data that they shouldn’t be able to. Security is for protecting users from malicious programmers; encapsulation is for protecting programmers from themselves.
Security at this level isn’t always possible. If you’re writing a library for other people to use in a JVM that they control, you can’t expect to hide anything from them – they can turn the security manager way down, or change your bytecode, or run a modified JVM. (At university we had an assignment that involved black-box testing of algorithms that we were given as obfuscated JARs. I worked out that you could peek at some of the internals by rebuilding the Java standard libraries with String declared non-final, and passing in a subclass with some instrumentation added. And no, I didn’t actually do it.)
Most times that someone compromises their own system, they can only do damage to themselves. Of course, you probably still want to make your library as tight as possible so that it isn’t a security hole for other code that it interacts with. The point is that it can be dangerous, or at least an unnecessary programming burden, to rely on language guarantees for security if you’re not always going to have control of the platform.
On the other side, encapsulation isn’t always desirable. Well, maybe it is. There’s heated debate about this. Some people (many of them Java devotees) argue that programmers will find and use every available undocumented feature, and anything you inadvertently expose will doom you to support it forever. Others (e.g. a high proportion of Python fans) say that an API is as much a social contract as a technical one, and that if someone wants to work around an interface that doesn’t meet their needs then, well, we’re all adults, and they’re welcome to do so as long as they accept the consequences if the implementation changes.
The point is that encapsulation and security are different requirements. Making a field private because it’s an implementation detail is one decision; making a field private because using it would open a security hole is a very different decision. If you try to squeeze the concepts into one then at some point you’re going to make a poor decision. And now we get to my one (and minor) gripe with Effective Java: it doesn’t do enough to distinguish between them.
Some of Bloch’s points (e.g. Item 10: Always override toString) are clearly about programmer-friendly abstractions. Other points (Item 76: Write readObject methods defensively) are clearly about security – no programmer would (or could, reliably) exploit it just to get around API restrictions. In one place (Item 39: Make defensive copies when needed) he mentions that a particular security measure has a big enough performance hit that it can be valid to leave it open, if it’s in an environment where misuse will only hurt the (mis)user. But in other places it’s not so clear exactly what kind of advice he’s giving, which could lead readers to apply the advice in the wrong way.
Part of this might be that Bloch is writing from the perspective of someone who worked on the Java platform APIs, which sit in the part of the Venn diagram where encapsulation and security do overlap: they’re widely used, so any leaky implementation details are guaranteed to become a compatibility issue; and they’re the basis for every other API (even a trivial class extends Object) and available to malicious code even on a trusted JVM, which effectively makes them part of the platform’s security guarantee. And I suppose you could argue (indeed, he says something similar to this in the introduction) that you don’t always know where your code will end up, so aiming for as much encapsulecurity as possible isn’t a bad thing.
And frankly that’s a pretty good argument. Which is why you still need to read this book.
(A few other things bugged me while reading it, but most of them were directed at Java rather than the book itself. There might still be another post or two in this topic.)
The Little Guy — Dave's Programming Blog
November 28, 2010 @ 8:50 pm
[...] said at the end of my sort-of review of Effective Java that a few things bugged me while reading it, not about the book, but about Java itself. These [...]
Anonymous
January 29, 2013 @ 7:52 am
hi!,I like your writing so much! percentage we communicate more approximately your
article on AOL? I need an expert in this area to solve my problem.
May be that’s you! Taking a look forward to see you.
business insider twitter
June 11, 2015 @ 11:16 pm
Usually, formality relates to how one reveals respect in business communication.
chemistry tutoring jobs nyc
June 26, 2015 @ 4:08 pm
Quantum physics is one of the most attention-grabbing
branches of physics, which describes atoms and molecules, as
well as atomic sub-construction.
pornstache season 3
August 31, 2015 @ 12:10 am
sex and the city
Pornographic shows
Sexual fetishism
Heart Rate Monitor
sex offender
http://www.otavaloempresarial.com
December 8, 2015 @ 9:11 pm
If some onee wishes to be updatwd with latest technologies
afterward he must be pay a quick viit this website and be up to
date daily. http://www.otavaloempresarial.com
ACCA APC
June 22, 2016 @ 8:50 am
My brothe recommended I may like this web site. He used
to be entirely right. This publish truly made my day.
You cann’t believe simply how so much time I had spent for
this information! Thanks!
country rustic wedding invitations
July 12, 2016 @ 11:03 pm
It’s hard but at least he will get some things for It sounds like his dad will provide at least things to Good luck!
Lori
August 26, 2016 @ 11:05 am
Great steam showers, we had a unit built around 5 years ago and it may possibly do with replacing, would never buy
a boring old regular form of shower again
fashion bloggers over 30
August 28, 2016 @ 1:40 pm
It¡¦s beautiful value sufficient for me. In my opinion, if all website owners and bloggers made just right content material materials as you probably did, the internet may be much more helpful than ever before.
http://room2shoppers.com/
September 15, 2016 @ 1:28 pm
Lots of superb advise on this site, want to have a
steam shower unit inside my bathroom
Roberto
September 18, 2016 @ 12:21 pm
Adore this incredible website, great information here, was actually a tiny bit sceptical around
getting a steam shower unit for our home but the information here sorted my mind out, fantastic thanks for your insight
Roberto
September 24, 2016 @ 1:03 am
Looked over this web site and purchased a steam shower and never looked back, amazing info on this site cannot say thanks enough
web design jobs seattle
September 24, 2016 @ 7:46 am
JPMorgan Chase & Co, which has announced plans to enhance compliance across the bank because it faces a bevy of regulatory investigations,
has greater than 300 job openings for anti-money laundering professionals, in accordance with its web
site.
http://all4webs.com
October 19, 2016 @ 2:55 am
Lots of excellent guidance on this website, really need a
steam shower unit within my bathroom
water systems council
December 18, 2016 @ 6:33 pm
This page’s goal will be to record the development of
our off-grid water alternative, share resources and tools we discuss, and discover not useless both breakthroughs and ideas we find along the approach.
Jared
April 16, 2017 @ 1:15 pm
Hello, after reading this awesome paragraph
i am as well happy to share my knowledge here with friends.
bij wie hoort dit gratis mobiele nummer
June 9, 2017 @ 12:42 pm
I was suggested this blog by means of my cousin. I’m not sure whether or not this
post is written via him as no one else know such
specified approximately my problem. You are incredible!
Thank you!
φθηνη ασφαλεια
June 19, 2017 @ 2:34 am
Very soon this website will be famous among all blogging and site-building people,
due to it’s good articles
bit.ly
November 26, 2017 @ 6:10 am
UNITED STATE Us senate Majority Leader Trent Lott 22 Legislator Lott,
at an event recognizing WELCOME is knowing its goals through the
implementation of a huge collection of activities focused on the different stages of the startup lifecycle..
pixel scout
April 12, 2019 @ 2:11 pm
If some one desires expert view on the topic of
running a blog afterward i suggest him/her to pay a quick visit
this webpage, Keep up the nice job.
Chana
May 19, 2019 @ 11:56 am
Hello it’s me, I am also visiting this web site daily, this website is really
nice and the people are genuinely sharing good thoughts.
Judi Slot Terbaru
June 4, 2019 @ 6:05 pm
I have read some good stuff here. Certainly worth
bookmarking for revisiting. I surprise how much
attempt you put to make the sort of excellent informative web site.
ford sales
June 5, 2019 @ 2:45 am
Great blog! Do you have any recommendations for aspiring
writers? I’m planning to start my own blog soon but I’m a little lost on everything.
Would you recommend starting with a free platform like WordPress or go for a paid option? There are so many options out there that I’m completely overwhelmed ..
Any recommendations? Appreciate it!
love quotes and sayings with music
June 5, 2019 @ 12:01 pm
Aw, this was a really nice post. Taking a few minutes and actual effort to make a good article… but what can I
say… I hesitate a whole lot and don’t manage to get
nearly anything done.
Abby
June 6, 2019 @ 2:37 pm
Quality posts is the crucial to attract the people to pay a quick visit the web page,
that’s what this web site is providing.
tea party
June 7, 2019 @ 2:02 am
Good post! We are linking to this particularly great
content on our website. Keep up the good writing.
blog formats
June 14, 2019 @ 7:08 pm
If some one needs to be updated with latest technologies then he must be pay a visit this site
and be up to date everyday.
charity jobs
June 15, 2019 @ 3:02 pm
For latest news you have to pay a quick visit world-wide-web and on internet I
found this web site as a finest website for most up-to-date updates.
purchasing shoes
June 16, 2019 @ 7:56 am
Thanks a bunch for sharing this with all people
you actually realize what you are speaking about! Bookmarked.
Please additionally discuss with my web site =). We can have a link alternate arrangement between us
retail pos system
June 19, 2019 @ 3:39 pm
Hello, the whole thing is going nicely here and ofcourse every one is sharing facts,
that’s genuinely fine, keep up writing.
Fredric
June 21, 2019 @ 5:12 pm
Thanks for a marvelous posting! I quite enjoyed reading it,
you will be a great author. I will make sure
to bookmark your blog and will come back later on. I want to encourage you to ultimately continue your great writing,
have a nice weekend!
energy plus
June 22, 2019 @ 12:07 am
I got this web site from my pal who shared with me about this web page and at the moment this
time I am visiting this site and reading very informative articles or reviews at this time.
blog noticed
June 23, 2019 @ 11:45 pm
Amazing things here. I am very happy to peer your post.
Thank you so much and I am having a look ahead to touch you.
Will you kindly drop me a e-mail?
camera instead
June 25, 2019 @ 4:16 pm
Hi every one, here every person is sharing these kinds of know-how, thus it’s good to read this weblog, and I used
to pay a visit this blog daily.
Camilla
June 25, 2019 @ 4:50 pm
Unquestionably believe that which you stated. Your favorite reason seemed to be on the web the simplest thing to be aware of.
I say to you, I certainly get irked while people think about worries that they just don’t know
about. You managed to hit the nail upon the top as well as defined out the whole thing without having side-effects
, people could take a signal. Will probably be back to get more.
Thanks
junk food
June 26, 2019 @ 5:37 am
Helpful information. Fortunate me I discovered your web site
by accident, and I’m stunned why this twist of fate didn’t happened earlier!
I bookmarked it.
servas allows people
June 26, 2019 @ 7:12 pm
You’re so interesting! I don’t suppose I’ve read
through anything like that before. So great to find someone with unique thoughts on this subject.
Really.. many thanks for starting this up. This web
site is something that’s needed on the web, someone with a
little originality!
honda civic hybrid
June 27, 2019 @ 4:55 pm
It’s a shame you don’t have a donate button! I’d definitely donate to
this outstanding blog! I guess for now i’ll settle for book-marking and adding your RSS feed to
my Google account. I look forward to fresh updates
and will share this website with my Facebook group. Talk soon!
app marketing
June 29, 2019 @ 3:33 pm
This is very fascinating, You are an excessively skilled blogger.
I have joined your feed and look forward to seeking more of your great post.
Also, I have shared your web site in my social networks
news enjoys
July 2, 2019 @ 4:23 am
What i don’t understood is actually how you are no longer actually a lot more well-preferred than you might be now.
You are very intelligent. You understand therefore significantly in relation to this subject, produced me personally imagine
it from a lot of varied angles. Its like women and men are not involved
unless it’s something to accomplish with Woman gaga!
Your own stuffs outstanding. At all times handle it up!
tonneau covers essentially
July 2, 2019 @ 7:24 pm
I’m excited to discover this website. I want to to thank you for your time for
this fantastic read!! I definitely loved every little bit of it and i also have you
bookmarked to check out new information in your website.
failing business
July 2, 2019 @ 8:40 pm
fantastic issues altogether, you simply gained a new reader.
What would you recommend in regards to your submit that
you made some days in the past? Any sure?
Lorenza
July 2, 2019 @ 11:38 pm
I do not know if it’s just me or if perhaps everyone else experiencing issues with your blog.
It appears like some of the written text on your posts
are running off the screen. Can someone
else please provide feedback and let me know if this is
happening to them as well? This may be a issue with my internet browser because I’ve had this happen previously.
Cheers
home business
July 3, 2019 @ 9:24 am
Hello to all, how is all, I think every one is getting more from this web page, and
your views are good for new people.
business goals
July 3, 2019 @ 5:39 pm
I’m impressed, I must say. Rarely do I encounter a blog that’s equally educative and entertaining, and without a doubt, you’ve hit the nail on the head.
The issue is something that not enough people are speaking intelligently about.
Now i’m very happy that I stumbled across this in my hunt for something regarding this.
Damaris
July 4, 2019 @ 11:36 am
It’s actually a great and useful piece of info.
I’m happy that you simply shared this useful info with
us. Please stay us informed like this. Thanks for sharing.
tactical investing
July 4, 2019 @ 10:42 pm
I savor, lead to I discovered exactly what I used to be taking
a look for. You’ve ended my 4 day long hunt! God Bless you man. Have a nice day.
Bye
consulting business
July 5, 2019 @ 1:27 pm
Great items from you, man. I have be aware your
stuff prior to and you’re simply too wonderful.
I really like what you’ve acquired here, really like what you are stating and the way in which
through which you assert it. You’re making it enjoyable and
you still care for to keep it sensible. I cant wait to learn much more from you.
This is actually a wonderful web site.
blog content
July 6, 2019 @ 4:39 am
What’s up to all, the contents present at this web page are really amazing for people experience, well, keep up the good work fellows.
business presence
July 9, 2019 @ 3:14 pm
great points altogether, you simply won a new reader. What would you
suggest in regards to your submit that you simply made some days
in the past? Any sure?
online tutors
July 11, 2019 @ 8:22 pm
Great post! We are linking to this particularly great article
on our site. Keep up the great writing.
tonneau covers essentially
July 12, 2019 @ 8:54 pm
Hi all, here every person is sharing such know-how, so it’s good to read this web site, and I used to
pay a visit this blog everyday.
ford sales
July 13, 2019 @ 6:20 pm
It’s remarkable to visit this site and reading the views of all
colleagues about this post, while I am also eager of getting know-how.
birthday party
July 13, 2019 @ 10:12 pm
Hi, after reading this awesome article i am also glad to share
my familiarity here with colleagues.
caring people
July 13, 2019 @ 10:31 pm
What’s up everyone, it’s my first pay a visit at this web page, and piece of writing is really fruitful for me, keep up posting these types of articles.
travel solo and safe
July 14, 2019 @ 5:42 pm
all the time i used to read smaller content that as well clear their motive, and that is also happening
with this piece of writing which I am reading at this time.
Ken
July 16, 2019 @ 10:08 am
Wow! At last I got a blog from where I know how to actually get
useful information concerning my study and knowledge.
business click
July 17, 2019 @ 11:51 am
Excellent beat ! I wish to apprentice whilst you amend your site,
how can i subscribe for a blog website? The account aided me a acceptable deal.
I were a little bit acquainted of this your broadcast provided vivid clear
idea
Devon
July 18, 2019 @ 2:13 am
I’m pretty pleased to uncover this web site. I want to to thank you for your
time due to this fantastic read!! I definitely liked every little bit of it and I have you book-marked to check out new stuff on your web site.
Sheila
July 19, 2019 @ 8:25 am
If some one needs expert view regarding blogging
and site-building after that i recommend him/her to pay a visit this web
site, Keep up the good job.
men travel
July 19, 2019 @ 3:40 pm
What’s up, its nice article on the topic of media print, we all
be familiar with media is a wonderful source of facts.
hotel website offers
July 20, 2019 @ 7:37 am
What’s Going down i’m new to this, I stumbled upon this
I have discovered It absolutely useful and it has aided me out
loads. I hope to contribute & aid different customers like
its aided me. Good job.
social content
July 21, 2019 @ 4:03 pm
Hi, after reading this remarkable post i
am as well delighted to share my knowledge here
with colleagues.
song name
July 21, 2019 @ 7:13 pm
What’s up, yes this post is actually good and I have learned lot
of things from it about blogging. thanks.
Bianca
July 23, 2019 @ 3:22 am
My family members always say that I am killing my time here at web, but I know I
am getting knowledge everyday by reading such pleasant articles or reviews.
blogging business
July 23, 2019 @ 5:30 am
Awesome issues here. I am very happy to peer your post. Thank you so much and I am having a look forward to contact you.
Will you kindly drop me a e-mail?
business co-operation
July 24, 2019 @ 7:39 pm
This post is really a pleasant one it helps
new internet users, who are wishing in favor of blogging.
estate investment
July 25, 2019 @ 5:22 am
I think everything composed made a great deal of
sense. But, what about this? suppose you were to create a awesome title?
I mean, I don’t wish to tell you how to run your blog,
but suppose you added a headline that grabbed a person’s attention? I mean Encapsulation vs Security — Dave'
s Programming Blog is a little plain. You should look at Yahoo’s home page and watch how they create
post titles to grab viewers to open the links.
You might add a video or a related picture or
two to get people excited about everything’ve got to
say. In my opinion, it could bring your posts a little bit
more interesting.
hermes official
July 26, 2019 @ 3:06 pm
You should take part in a contest for one of the finest blogs online.
I will highly recommend this web site!
potential business
July 26, 2019 @ 3:47 pm
I’ve been exploring for a little for any high quality articles or weblog posts in this sort of
house . Exploring in Yahoo I finally stumbled upon this web site.
Studying this info So i’m happy to express that I’ve a very good uncanny feeling I came upon just what I needed.
I so much surely will make certain to do not forget this web site and provides it a look on a continuing basis.
news channel 5
July 27, 2019 @ 3:08 am
This design is incredible! You certainly know how to keep
a reader entertained. Between your wit and your videos, I was almost
moved to start my own blog (well, almost…HaHa!) Excellent
job. I really enjoyed what you had to say, and more than that, how
you presented it. Too cool!
blog content
July 27, 2019 @ 1:14 pm
That is a really good tip particularly to those fresh to the blogosphere.
Simple but very precise information… Appreciate your sharing this
one. A must read post!
hotel united-21
July 30, 2019 @ 2:54 pm
Fabulous, what a web site it is! This web site gives helpful information to us, keep
it up.
teramune
August 1, 2019 @ 5:08 am
Magnificent goods from you, man. I’ve understand your stuff previous
to and you’re just extremely excellent. I actually like what you have acquired here, certainly like what you’re stating and the way in which you say it.
You make it enjoyable and you still care for to keep it
smart. I can’t wait to read far more from you.
This is actually a tremendous website.
coaching
August 3, 2019 @ 10:01 am
Hiya very cool website!! Man .. Excellent ..
Wonderful .. I’ll bookmark your website and take the feeds also?
I’m glad to find numerous useful info here within the post, we want develop more strategies in this regard, thank you
for sharing. . . . . .
my blog
August 4, 2019 @ 12:45 pm
I think this is among the most significant info for me.
And i am glad reading your article. But should remark on some general things, The website style is great, the articles is really
great : D. Good job, cheers
obtaining latest
August 5, 2019 @ 6:01 pm
Helpful info. Fortunate me I discovered your web site by
chance, and I’m shocked why this twist of fate did not took place earlier!
I bookmarked it.
food digestion
August 5, 2019 @ 8:29 pm
Right here is the perfect web site for anyone who wishes to find out about this topic.
You understand a whole lot its almost hard to argue with you (not that I personally would want to…HaHa).
You definitely put a brand new spin on a topic which has
been written about for a long time. Excellent stuff, just great!
intended travel
August 6, 2019 @ 6:55 pm
After going over a number of the blog articles on your site, I
seriously like your way of blogging. I saved as a favorite it to my bookmark website list and will be
checking back in the near future. Take a look at
my website as well and let me know your opinion.
greatest blues
August 7, 2019 @ 9:38 pm
Everything is very open with a clear clarification of the challenges.
It was really informative. Your website is very helpful.
Many thanks for sharing!
Leonel
August 8, 2019 @ 7:41 am
Amazing! Its genuinely awesome paragraph, I have got much
clear idea regarding from this piece of writing.
vacation plan
August 8, 2019 @ 4:29 pm
Nice post. I used to be checking continuously this
I care for such information much.
weblog and I am impressed! Very useful information particularly the remaining phase
I was seeking this particular information for a very long
time. Thank you and good luck.
August
August 12, 2019 @ 6:19 pm
Do you mind if I quote a few of your posts as long as I provide credit and sources back to your website?
My blog is in the very same area of interest as yours and my users would truly benefit from a lot of the information you provide here.
Please let me know if this alright with you. Thanks a lot!
trading account
August 14, 2019 @ 7:03 pm
I pay a quick visit every day some sites and information sites to read posts, except
this weblog offers quality based writing.
numerous tonneau covers
August 14, 2019 @ 10:16 pm
you are in point of fact a just right webmaster. The site loading speed is amazing.
It seems that you are doing any distinctive trick. Also, The contents are masterwork.
you’ve performed a excellent task on this subject!
mazda3
December 25, 2019 @ 8:58 am
Some truly interesting details you have written.Assisted me a lot, just what I was searching for
.
Rochell
December 31, 2019 @ 3:34 pm
My coder is trying to persuade me to move to .net from PHP.
I have always disliked the idea because of the
expenses. But he’s tryiong none the less. I’ve been using WordPress on various websites for about a year and am worried about switching to another platform.
I have heard great things about blogengine.net. Is there a way I can transfer all my wordpress posts into it?
Any kind of help would be greatly appreciated!
flonga
January 15, 2020 @ 8:59 am
Can I just say what a relief to find someone who actually understands what they’re talking about on the
web. You certainly understand how to bring an issue to light and
make it important. A lot more people really need to look at
this and understand this side of your story. I was
surprised you’re not more popular given that you certainly have the gift.
webtaichinhvn.tumblr.com
January 17, 2020 @ 3:27 am
This piece of writing is in fact a fastidious one it helps new internet visitors, who are wishing for blogging.
Pulmonary alveolar proteinosis
January 17, 2020 @ 5:59 pm
Aw, this was an exceptionally good post. Finding the time and actual effort to produce a superb article… but what can I say… I hesitate a whole lot and never manage
to get anything done.
Refugio
January 18, 2020 @ 9:40 am
When someone writes an article he/she retains the image of a user in his/her mind that how a user can unnderstand it.
Therefore that’s whhy this piece of writing
is great. Thanks!