
Certain combinations of permissions can produce significant capability increases and should not be granted. Other permissions should be granted only to special code.
AllPermission
The permission java.security.AllPermission
grants all possible permissions to code. This facility was included to reduce the burden of managing a multitude of permissions during routine testing as well as when a body of code is completely trusted. Code is typically granted AllPermission
via the security policy file; it is also possible to programmatically associate AllPermission
with a ProtectionDomain
. This permission is dangerous in production environments. Never grant AllPermission
to untrusted code.
ReflectPermission
, suppressAccessChecks
Granting ReflectPermission
on the target suppressAccessChecks
suppresses all standard Java language access checks when the permitted class attempts to operate on package-private, protected, or private members of another class. Consequently, the permitted class can obtain permissions to examine any field or invoke any method belonging to an arbitrary class [Reflect 2006]. As a result, ReflectPermission
must never be granted with target suppressAccessChecks
.
According to the technical note Permissions in the Java SE 6 Development Kit [Permissions 2008], Section ReflectPermission, target suppressAccessChecks
: