API REVIEW: RT-23888, Make PopupFeatures and PromptData final
richard.bair at oracle.com
Fri Aug 31 15:51:54 PDT 2012
> I agree with the other guys that final classes are annoying for us, but if they are needed to make things better then so be it.
> I think the emotive responses might be a result of us not knowing/understanding the benefits of the final usage and therefore only being able to assess it by its negative aspects.
>> The security problem with non-final classes has to do with attacks related to hacking finalizers, equals, hash code, and serialization from a sub class.
> Can you elaborate on this? Let's say I was a malicious, Hollywood-style hacker. What kind of damage could I do and how would I do that damage via some non-final class (the 'animation' ones for example caused me much grief by being final).
And now that you have this power, please use it for good and help us find security bugs before they hit the net. BTW, if you do find such a bug, email me privately before publicizing to the world ;-).
More information about the openjfx-dev