There was no way to keep developers away from these Java APIs unless the JDK maintainers also restricted access to them severely. Time and again, Java has asked developers to stop calling internal Java APIs, but to no avail. Now Mark Reinhold, chief architect of the Java Platform Group at Oracle, states that Java is capable of restricting access to classes such as GC, Unsafe and BASE64Encoder.
During the Oracle Code One conference, Reinhold said, “The JDK [Java Development Kit] has many internal APIs that were never meant to be used by external tools.” He went on to say, “For decades, we’ve been warning developers against using them. They’ve done so anyway.”
Further, Reinhold believes the restriction is justified from a platform security point of view. “Of the six high-impact zero-day vulnerabilities reports since JDK 7 in 2011, three of them would have been prevented. This could be only possible if we were able to encapsulate Java’s internal APIs,” Reinhold said. It is therefore important for Java developers to consider the most common vulnerabilities when writing Java applications.
A few days ago, the platform authorities stated that because Java code is cross-platform, OS-level security frameworks will not always be sufficient to keep applications safe. Common security issues include SQL injection, Java LDAP injection, cross-site scripting and so on.
Security is thus one of the many factors behind Reinhold's appeal to programmers and writers. However, security is not the only reason, and Reinhold states: “Starting with JDK 9, if your code uses Java APIs, it will not compile, and it may generate warnings at runtime. In the future, it will not run.”