...

Type Safety

Wiki MarkupJava is widely considered to be a type-safe language \ [[LSOD 02|AA. References#LSOD 02]\]. For that reason, it should not be possible to compromise a Java program by misusing the type system. To see why type safety is so important, consider the following types:

public class TowerOfLondon {
  private Treasure theCrownJewels;
  ...
}

public class GarageSale {
  public Treasure myCostumeJewelry;
  ...
}

Wiki MarkupIf these two types could be confused, it would be possible to access the private field {{theCrownJewels}} as if it were the public field {{myCostumeJewelry}}. More generally, a _type confusion attack_ could allow Java security to be compromised by making the internals of the security manager open to abuse. A team of researchers at Princeton University showed that any type confusion in Java could be used to completely overcome Java’s security mechanisms (see _Securing Java_, Ch. 5, Sec. 7 \ [[McGraw 1999|AA. References#McGraw 1999]\]).

Java’s type safety means that fields that are declared private or protected or that have default (package) protection should not be globally accessible. However, a number of vulnerabilities are built in to Java that enable this protection to be overcome. These should come as no surprise to the Java expert, as they are well documented, but they may trap the unwary.

...