5

I was answering this question, where I recommended utilizing exports to syntax to prevent external consumers from accessing code that is intended for internal use between modules.

But on further reflection, the only real safety checking that modules implement is that it matches the name. Consider this example where I am implementing two modules:

module a {
    exports unsafe to b
}

module b {
    requires a
}

The package unsafe contains code that would be unsafe to have exposed. Is there any way to securely export this to internal modules without exposing them externally?

In the above example, a rogue entity could simply name their module b and would gain access to the code (not secure). The JLS doesn't seem to spell out anything that can prevent it.

Ironcache
  • 1,719
  • 21
  • 33
  • 6
    Modules can be hashed. In the example, com.my.a can store the hash of com.my.b to avoid accidental resolution with the wrong version com.my.b. It's not cryptographic hashing but might be good enough for what you are doing. Looking at the `jar --hash-modules` options for more on this. – Alan Bateman Feb 12 '18 at 15:32

1 Answers1

5

The hashing of modules as pointed by Alan shall work in your case. Though I personally like the description and the example from the JMOD tool which directly answers your question :

With the --hash-modules option or the jmod hash command, you can, in each module's descriptor, record hashes of the content of the modules that are allowed to depend upon it, thus "tying" together these modules.

This lets you to allow a package to be exported to one or more specifically-named modules and to no others through qualified exports. The runtime verifies if the recorded hash of a module matches the one resolved at run time; if not, the runtime returns an error.

Community
  • 1
  • 1
Naman
  • 27,789
  • 26
  • 218
  • 353