Given:
module A
{
exports fuzzy.bunny to B;
}
What prevents a malicious player from pretending to be module B
in order to gain access to module A
's secrets?
I know that Java has some sort of signing mechanism in META-INF
that allows each module to ensure that its own class files have not been modified, but what mechanism ensures that one module can trust another module's class files?
Might not precisely be the answer you are looking for, but a part of JMOD file creation using jmod
tool explains it briefly :
--hash-modules
With the
--hash-modules
option or thejmod hash
command, you can, in each module's descriptor, record hashes of the content of the modules that are allowed to depend upon it, thus "tying" together these modules. This let's you to allow a package to be exported to one or more specifically-named modules and to no others through qualified exports . The runtime verifies if the recorded hash of a module matches the one resolved at run time; if not, the runtime returns an error.
further from the same documentation
These hashes are recorded in the JMOD archive file being created, or a JMOD archive or modular JAR on the module path specified by the
jmod hash
command.
Useful : There is a hashing example in the link shared above as well which depicts a use case to which your question quite relates.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.