Is there a problem to use reflection (specifically class.forName) in server side application?
My main thread about this is someone to inject a code dumping memory in JVM and adding commands in reference memory field, but this is unlike in server side (and if server side was compromised this will be a minor problem).
Btw, I am asking because static analises keep acusing as a vulnerabiliy
http://dlvr.it/RzBp2J
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment