4

I have a class that performs some sensitive I/O operations across an entire disk volume. By sensitive I mean if the operation goes wrong, it can potentially corrupt the target volume.

During some post-release testing, I found that the process can be corrupted using reflection to manipulate private fields. The class is not sealed by design so that consumers of the library can create derivatives.

Is there a way to secure private members to prevent modification via reflection (from derived or consumer code)?

UPDATE: I found a comment from Hans Passant to an old question mentioning [ReflectionPermission]. Looking into that now.

Community
  • 1
  • 1
Raheel Khan
  • 14,205
  • 13
  • 80
  • 168

4 Answers4

7

There is no way to hide your field from Reflection. It can be used to access and manipulate any field on a type. There are steps you can take like obfuscation which make it harder to identify fields and in turn harder to change via Reflection. This is only a speed bump though. A determined developer can use Reflection to beat any work arounds you have

JaredPar
  • 733,204
  • 149
  • 1,241
  • 1,454
4

Short Answer: No.

You cannot stop people from messing with your program if they have the privileges.

nvoigt
  • 75,013
  • 26
  • 93
  • 142
3

I believe your best effort is going to be in obfuscating the code. Otherwise, you cannot stop someone from using reflection to mar things up a bit.

There is this post which may give you some idea on how you want to proceed.

Community
  • 1
  • 1
IAbstract
  • 19,551
  • 15
  • 98
  • 146
2

Private is just private to developers consuming your class. You cannot prevent its access via reflection.

Habib
  • 219,104
  • 29
  • 407
  • 436