Java'final'关键字是否真正提高了安全性？ [英] Does the Java 'final' keyword actually improve security?

问题描述

虽然在Java中使用'final'关键字的原因很多

，我一遍又一遍地听到的一个是它使你的代码更安全。虽然这在这个简单的案例中似乎有意义：

While there are many reasons to use the 'final' keyword in Java, one of the ones I keep hearing over and over again is that it makes your code more secure. While this seems to make sense in this trivial case:

public class Password
{
    public final String passwordHash;
    ...
}

使用final关键字，你会期望没有恶意代码可以更改变量passwordHash。但是，使用反射可以更改passwordHash字段的最终修饰符。

With the final keyword, you would expect that no malicious code would be able to change the variable passwordHash. However, using reflection it is possible to change the final modifier on the passwordHash field.

最终提供任何真正的安全性，还是只是安慰剂？

So does 'final' provide any real security, or is it just placebo?

编辑：
有一些非常有趣的讨论，我希望我能接受不止一个答案。感谢大家的意见。

There is some really interesting discussion, and I wish I could accept more than one answer. Thanks everyone for your input.

推荐答案

在'经受住攻击'的意义上，这不是'安全';它更像是更难搞乱。

It's not 'security' in the sense of 'withstanding an attack'; it's more like 'harder to mess up by mistake'.

我更喜欢安全这个词;我觉得它更像是防止意外，而不是恶意。

I prefer the word 'safety'; i feel its more like preventing an accident, not malice.

这篇关于Java'final'关键字是否真正提高了安全性？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！