Lists Home |
Date Index |
Alaric B. Snell wrote,
> On Thursday 31 October 2002 16:32, Paul Prescod wrote:
> > Alaric B. Snell wrote,
> > > Remote o = Naming.lookup (<registry name>);
> > > Method m = o.getClass ().getMethod (<method>,new Object);
> > > Object result = m.invoke (o, new Object);
> > >
> > > System.out.println (result.toString ());
> > This makes no logical sense. In order to get the data for a stock
> > quote I have to download an appropriate class, find a static
> > method, invoke a method coerce the result to string and return it?
> Not done much Java? Ok. What it says is:
> 1) Get a "connection" to the object given the name. Call the result'o'
> 2) Find the zero-param method with the given name on that object
> 3) Call the method (giving it an empty list of arguments)
> 4) Ask the result to display itself
I think Paul is probably boggling at the hoops you're jumping through
merely to get a string result when you could just as easily have gotten
the string directly from the remote service via a much less heavyweight
There are times and places for extruding remote behaviour into a local
execution context, but your toy example hardly gives a compelling
example of one.
> > > That tool can be compiled up and then used to call any zero
> > > argument getter method anywhere. If you want to get into ones
> > > with arguments then there's a UI issue of setting up arbitrary
> > > Java objects for parameters, but it's still doable. You should
> > > really call result.toString () in a sandbox, too, since it'd be
> > > arbitrary code, but I'm leaving that out for the sake of ease.
> > You think people should trust the Java sandbox with the execution
> > of their most crucial business processes?
I can't resist the temptation to plug the forthcoming Java Application
Isolation API which (modulo flawed implementations) will make the local
execution of untrusted remote code in the way Alaric's suggesting a
much less risky proposition than it is now,
It's in community review at the moment, and should be in public review
in a couple of weeks. Hopefully you'll see it in the next rev of J2SE
and a subset in J2ME.