如何保护我的私有函数免受反射执行? [英] How can I protect my private funcs against reflection executing?
问题描述
看到这个后:访问修饰符也影响反射吗?>
我尝试使用它,但它不起作用:
如何防止反射执行我的私有方法?
如果有人当前可以在您的私有方法上使用反射,那么他们已经有足够的权限来回避您放置的任何其他方法.以较低的信任度运行可能是一种选择,但这只是为了防止插件之类的东西获得过多的访问权限 - 它不会阻止具有(例如)管理员访问权限的用户,他们可以简单地提升访问权限.
如果您不想运行代码,请不要将其置于恶意用户的物理范围内;将其保存在网络服务或类似服务中.用户可以使用的任何代码都可以直接使用,也可以通过反编译(如果需要,还可以对其进行反混淆)间接使用.您可以使用一些技巧来阻止他们(通过堆栈跟踪等检查调用者),但这不会阻止某人确定.
After seeing this: Do access modifiers affect reflection also?
I tried using this, but it doesn't work:
How can I prevent reflection from executing my private methods?
If someone can currently use reflection on your private methods, then they already have enough access to sidestep anything else you place in their way. Running with less trust may be an option, but that is only to prevent things like plugins from having too much access - it won't stop a user with (say) admin access to the box, who can simply elevate the access.
If you don't want code running, don't put it in physical reach of the malicious user; keep it at a web-service or similar. Any code available to a user can be used directly, or indirectly by decompiling it (and deobfuscating it if needed). You can use some tricks to get in their way (checking the caller via the stacktrace etc), but that will not stop someone determined.
这篇关于如何保护我的私有函数免受反射执行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
