On Thu, 25 Jan 2024 12:16:13 GMT, Rafael Winterhalter <winterhal...@openjdk.org> wrote:
> Requiring such an API opens the module to anybody, though, punching a hole > into the module boundary. How so? Any module created to print Lookups can easily rely on a shared secret to secure the API. Byteman employs a non-null Instrumentation object (a value which any agent ought to keep secret). However, it could just as easily have employed an arbitrary bit length hash key. The key can be used to initialize a module-private static long[] field of an API implementation class generated into the module i.e. the hole can actually be a keyhole in the shape of a key known only to the API client and implementation. ------------- PR Comment: https://git.openjdk.org/jdk/pull/3546#issuecomment-1910230873
