Something a little more worrisome
Apparently strings aren't as immutable as we thought:
[link|http://www.artima.com/weblogs/viewpost.jsp?thread=4864|http://www.artima.co...t.jsp?thread=4864]
Excerpt:
Have a look at the following code:
\npublic class MindWarp {\n public static void main(String[] args) {\n System.out.println(\n "Romeo, Romeo, wherefore art thou oh Romero?");\n }\n private static final String OH_ROMEO =\n "Romeo, Romeo, wherefore art thou oh Romero?";\n private static final Warper warper = new Warper();\n}\n
If we are told that the class Warper does not produce any visible output when you construct it, what is the output of this program? The most correct answer is, "you don't know, depends on what Warper does". Now THERE's a nice question for the Sun Certified Java Programmer Examination.
In my case, running "java MindWarp" produces the following output
C:> java MindWarp
Stop this romance nonsense, or I'll be sick
And here is the code for Warper:
\nimport java.lang.reflect.*;\n\npublic class Warper {\n private static Field stringValue;\n static {\n // String has a private char [] called "value"\n // if it does not, find the char [] and assign it to value\n try {\n stringValue = String.class.getDeclaredField("value");\n } catch(NoSuchFieldException ex) {\n // safety net in case we are running on a VM with a\n // different name for the char array.\n Field[] all = String.class.getDeclaredFields();\n for (int i=0; stringValue == null && i<all.length; i++) {\n if (all[i].getType().equals(char[].class)) {\n stringValue = all[i];\n }\n }\n }\n if (stringValue != null) {\n stringValue.setAccessible(true); // make field public\n }\n }\n public Warper() {\n try {\n stringValue.set(\n "Romeo, Romeo, wherefore art thou oh Romero?",\n "Stop this romance nonsense, or I'll be sick".\n toCharArray());\n stringValue.set("hi there", "cheers !".toCharArray());\n } catch(IllegalAccessException ex) {} // shhh\n }\n}\n
----
Sick but entertaining hack. And possible security exploit I think.