Lambdas and serialization
crazybob at crazybob.org
Wed Oct 20 08:32:53 PDT 2010
On Tue, Oct 19, 2010 at 11:19 AM, Rémi Forax <forax at univ-mlv.fr> wrote:
> If you can serialize a lambda, you are able to forge a binary blob which
> once decoded by the serialization
> is a reference any private method.
FWIW, normal Java Method instances aren't serializable simply because they
may not exist from VM to VM. You're typically able to look up private
methods, even if you can't invoke them. The security checks happen when you
try to invoke them.
That's not to say lambdas will work this way.
More information about the lambda-dev