鉴于:
module A
{
exports fuzzy.bunny to B;
}
什么阻止恶意玩家伪装成模块B才能获得模块A的秘密?
我知道Java在META-INF中有一些签名机制,它允许每个模块确保它自己的类文件没有被修改,但是什么机制确保一个模块可以信任另一个模块的类文件?
最佳答案 可能不是您正在寻找的答案,但
JMOD file creation using jmod tool的一部分简要解释了它:
--hash-modules
With the
--hash-modulesoption or thejmod hashcommand, you can, in
each module’s descriptor, record hashes of the content of the modules
that are allowed to depend upon it, thus “tying” together these
modules. This let’s you to allow a package to be exported to one or
more specifically-named modules and to no others through qualified
exports. The runtime verifies if the recorded hash of a module matches
the one resolved at run time; if not, the runtime returns an error.
进一步从相同的文件
These hashes are recorded in the JMOD archive file being created, or a
JMOD archive or modular JAR on the module path specified by thejmod hashcommand.
有用:上面分享的链接中有一个散列示例,它描述了您的问题与之相关的用例.
