
I am working on an API for a piece of software so my users can extend it without modifying the source code. But I want only certain functions to be accessed by certain classes for security reasons. Is there any way to do this? Also, I have no code because I have no idea how to do this.

Thanks! -Trent

Whirvis
  • It would help if you explain how they can extend the API. – James Black Mar 22 '15 at 00:13
  • Don't implement security this way ... unless you are prepared to go the whole hog and implement a security sandbox. (And even that is problematic ... unless you can lock down the execution platform.) – Stephen C Mar 22 '15 at 00:15
  • @JamesBlack You see, I am making server software, where developers can hook the jar into the class path to have access to the functions and develop a plugin, which changes the behavior of the software without having to change the actual code of it. When the plugin maker finishes the plugin, he drops it inside the "plugin" folder, and the software then loads it and executes the code inside of it, like events, when needed. – Whirvis Mar 22 '15 at 00:35
  • @StephenC OK, looks like I'll just have to do what the Bukkit team does and have staff decompile the plugin and look over it, making sure there isn't dangerous code in there before adding it to the plugins page. – Whirvis Mar 22 '15 at 00:36
  • @Trent - You can do it simpler than that. Insist on plugins being supplied as source code. But that looks bad if your business model involves keeping your own source code private. – Stephen C Mar 22 '15 at 00:54
  • @StephenC My code isn't private, it's an open source project on GitHub, you can find it [here](http://github.com/Trenterprises/DiamondCore). Also, I am only 14, so I do not own a business anyway ^^ – Whirvis Mar 22 '15 at 00:57
  • @SuperstarGamer-Trent - Good for you! In that case my "source code only plugins" suggestion works. (But my advice is to make sure you do your real school work first!) – Stephen C Mar 22 '15 at 01:09
  • @StephenC I do. Don't worry about it ^^ Like I said, I will wait until this project grows (if it does, I think it's a pretty good concept), then I'll get volunteers I can trust to help with plugin checking and approval. – Whirvis Mar 22 '15 at 02:56

2 Answers


I have two thoughts on this, one is that you can look at how Minecraft Forge created their plugin API.

Another way is to have a limited API between your core code and the actual plugins, but you need to be careful of the platform. For example, if you write the core application in Java or C#, then I can use Aspect Oriented Programming (AOP) to bypass your security and have my code change the behavior of yours.

If you use functional programming (FP) languages, then you can protect more from this type of approach, if you also are not using languages on these platforms, but they are not perfect.

So, there is a trade-off between power and convenience, so how useful do you want your application to be, and how secure?

One possible solution that may work is if you go with something similar to Minecraft, though I doubt they do this, but give a stub application to the user. They can extend it with plugins, and the interface functions they can modify are in the stub. When the program starts, the plugins are loaded, and the interface may be modified or extended, but then the core program is pulled down and put into the stub, and then the actual program runs. The core program can be recompiled and manipulated so method names are changed, so reflection is harder to use, but taking this approach, and doing it well, would be hard.

BTW, I like Alex T's response, I just gave different terms to some of his, such as AOP instead of reflection and immutability is part of FP.

You mention jar, which means you are using something that runs on a JVM, so you may want to read up on AspectJ, as it can significantly alter the behavior of applications. You can have private methods, but I can put code that runs instead of yours, or change the parameters or the return value before or after the method is called.

James Black
  • Oh wow! I never thought of that! (This is actually ironic, as the API I mentioned is actually one for server software which allows people on MCPE and MCPC to play online together and can be found [here](http://github.com/Trenterprises/DiamondCore)) I'll try that, but I don't know if I will be able to though. I have a hard time looking at someone else's code as I don't really know what's going on in other places to make it happen. – Whirvis Mar 23 '15 at 13:58

To protect variables inside of classes, you can make them private, and accessible via getter and setter methods with varying levels of protection. This also applies to classes themselves; if you wanted to prevent the user from being able to instantiate a class, you could mark the class's constructor as protected to allow instantiation only within its package.

If you wanted to hide the implementation details of a class altogether, you could declare the class as `class X` instead of `public class X`, which would hide methods from the API for standard development.

This will quickly get you the behaviour you're after, but there's an aspect of Java called reflection, which allows an executable Java program to analyze and manipulate its own implementation; in this regard, no field or method is ever completely safe.

You can also safeguard variables by providing access to them via 'immutable' Objects; these are objects designed to forbid the caller from modifying the original source contents.

Mapsy
  • Note - reflection can be used to access private fields and change final fields. Unless you run untrusted code inside a properly configured sandbox, it can do all sorts of nasty things to subvert JVM-based security. – Stephen C Mar 22 '15 at 00:25
  • @StephenC Yeah, I am using reflection to run these plugins, so I'm trying hard to make it so they can't do things that would harm other plugins by falsely firing events and things like that. – Whirvis Mar 22 '15 at 00:31
  • @Trent ... *"I'm trying hard to make it so they can't do things that would harm other plugins by falsely firing events and things like that."* - You have a difficult task ahead of you ... – Stephen C Mar 22 '15 at 00:59
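
An added example, not code from either answer or from DiamondCore, of the point made in the second answer and its comments: a non-public implementation class, a private field and an unmodifiable view stop accidental misuse of a plugin API, but code loaded into the same JVM without a sandbox can still reach the private state through reflection. Every class, method and field name below is hypothetical.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// All names here are hypothetical, constructed for this example.
public class PluginApiDemo {

    /** The only type handed to a plugin: a narrow, read-only interface. */
    public interface ServerView {
        List<String> onlinePlayers();
    }

    /** Core implementation, not public, so it is hidden from the published API. */
    static final class Server implements ServerView {
        private final List<String> players = new ArrayList<>();

        void join(String name) { players.add(name); } // core-only operation

        @Override
        public List<String> onlinePlayers() {
            // Unmodifiable view: readers can iterate, mutators throw.
            return Collections.unmodifiableList(players);
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        server.join("alice");
        ServerView view = server; // what a plugin would receive

        // 1. Through the API, mutation is rejected.
        try {
            view.onlinePlayers().add("mallory");
        } catch (UnsupportedOperationException e) {
            System.out.println("API rejected the write");
        }

        // 2. Same caller, same JVM, no sandbox: reflection reaches the private field.
        Field f = view.getClass().getDeclaredField("players");
        f.setAccessible(true);
        @SuppressWarnings("unchecked")
        List<String> raw = (List<String>) f.get(view);
        raw.add("mallory");
        System.out.println("private list is now " + view.onlinePlayers());
    }
}
```

It runs as a single file with `java PluginApiDemo.java` on Java 11 or later. The second write succeeds, which is why the comments above point to source review or a sandbox rather than access modifiers as the actual control.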