Why is it even possible to change a private member, or run a private method in C# using reflection? [duplicate]

c# .net reflection

Because the access modifiers are there to assist with documenting the API that you want to expose to consumers, or to inheritors, etc.

They're not a security/access control mechanism.


It's impossible to prevent someone from being able to do that. You could make it harder, you could force them to use unsafe code and start setting bits around blindly. After all, it's their program/machine, they're allowed to do such things.

The design of the language is such that it makes it hard for you to shoot yourself in the foot and do Bad Things. But it doesn't make them impossible, doing so would also restrict users from doing things that are unusual, but still desirable.


Private reflection requires that you be granted essentially full trust. Full trust means full trust. If you're fully trusted to be doing the right thing then why shouldn't that work?

(In fact, the security model for private reflection is actually much more complicated than I've sketched it here, but that does not affect my point: that this ability is subject to policy. See Security Considerations for Reflection (MSDN) for an overview of how reflection and security policy interact.)

Related

What is the simplest way to run a timer-triggered Azure Function locally once?
"Invalid privatekey" when using JSch
My Routes are Returning a 404, How can I Fix Them?
How to delete "px" from 245px
Warning : Failed child context type: Invalid child context 'virtualizedCell.cellKey' of type 'number' supplied to 'CellRenderer', expected 'string'
Calling a method on the main thread?
How can I save multiple documents concurrently in Mongoose/Node.js?
Append same text to every cell in a column in Excel
Progress bar in console application
Cannot find setter for field - using Kotlin with Room database
Visual Studio hotkey to switch between code behind and source file?
open resource with relative path in Java