...
In the non-compliant code snippet shown below, two classes, Ssn and SsnVerify are defined. If at some later time, the programmer changes the access modifier of the ssn field from public to private, a possibility exists that only the modified Ssn class is recompiled but the SsnVerify class is overlooked. As a result, SsnVerify can now illegally access the private ssn field of the Ssn class.
| Code Block | ||
|---|---|---|
| ||
package ssnvault.values;
public class Ssn {
public String ssn = "001 01 0001";
}
package ssnvault.values;
public class SsnVerify {
public static void main(String[] args) {
Ssn number = new Ssn();
System.out.println("Please enter last four digits of your SSN:");
//perform verification
}
}
|
...
It is vital to re-compile both Ssn and SsnVerify classes so that the bytecode verifier can be applied to detect the non-conforming code.
The verification process is automatically initiated unless the -noverify flag is specified at command line. On Java 2 systems, classes loaded by the primordial class loader (that loads classes from the boot class path) are not required to perform bytecode verification.
...