0

Is it possible to create a new instance of a Object Class in Scala using both Scala and Java reflection API?

If yes, then what should be the practice that one should follow to safe guard against this.

If no, then a brief insight about how Scala stop this attack would be very helpful.

Thanks in advance.

I'm a Java developer, currently learning Scala.

Tairman
  • 45
  • 1
  • 6
  • 1
    Probably relevant: https://stackoverflow.com/a/48586431/2707792 – Andrey Tyukin Feb 20 '18 at 17:30
  • Probably same thing as in the rest of JVM ecosystem: create a SecurityManager, that prevent using reflection on things. Or maybe ensure earlier, that code, that you put in you application is safe to run. – Mateusz Kubuszok Feb 21 '18 at 09:44
  • 2
    You almost never “have to” safe guard code against Reflection attacks. Such safe guard would only be necessary if your code is security relevant and still allows potentially malicious code to run within the same JVM. I know, there are entire books filled with this topic, but it’s nonsense. Before wasting time in preventing the creation of another object (other than the usual language-provided means), ask yourself, what actual harm someone could cause by creating another instance and how that compares with other things they could do with such Reflection… – Holger Feb 21 '18 at 09:58

0 Answers0