Is the following code resistant to both Serialization and Reflection Attacks?
public class Example{
private static Example instance=new Example();
private E
OO design is not meant to prevent attacks, IMHO. It can be useful to prevent inappropriate usage of your classes and bugs due to bad comprehension, disregard of the contract, incompetence, or programming errors, though.
Since your Example class is not serializable, I would say that serialization is not a problem in this case. Regarding reflection, if someone uses it to create another instance of your singleton, then he's obviously malicious IMO, and risks shooting himself in the foot anyway.
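
Added example, not part of the original question or answer: a private constructor alone versus a singleton whose constructor refuses a second instance and whose `readResolve` keeps deserialization on the existing one. The class names `SingletonDemo`, `Plain`, `Guarded` and the helper `reflectNew` are hypothetical, and `Plain` assumes the question's truncated class has a private no-arg constructor.

```java
import java.io.*;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;

public class SingletonDemo {
    // Assumed shape of the question's class: eager instance, private constructor, no guard.
    static class Plain {
        private static final Plain INSTANCE = new Plain();
        private Plain() {}
        static Plain getInstance() { return INSTANCE; }
    }

    // Hardened variant: the constructor fails once INSTANCE exists, and
    // readResolve makes deserialization hand back the existing instance.
    static class Guarded implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final Guarded INSTANCE = new Guarded();
        private Guarded() {
            if (INSTANCE != null) throw new IllegalStateException("singleton already created");
        }
        static Guarded getInstance() { return INSTANCE; }
        private Object readResolve() { return INSTANCE; }
    }

    // Calls the private no-arg constructor the way a reflective caller would.
    static <T> T reflectNew(Class<T> type) throws Exception {
        Constructor<T> ctor = type.getDeclaredConstructor();
        ctor.setAccessible(true); // 'private' is an access check, not a security boundary
        return ctor.newInstance();
    }

    public static void main(String[] args) throws Exception {
        boolean second = reflectNew(Plain.class) != Plain.getInstance();
        System.out.println("Plain: reflection produced a second instance = " + second);
        try {
            reflectNew(Guarded.class);
            System.out.println("Guarded: reflection produced a second instance");
        } catch (InvocationTargetException e) {
            System.out.println("Guarded: constructor rejected the call: " + e.getCause().getMessage());
        }
        // Serialization round trip: readResolve replaces the freshly read object.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(Guarded.getInstance()); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            System.out.println("Guarded: same instance after round trip = " + (in.readObject() == Guarded.getInstance()));
        }
    }
}
```

A single-element `enum` gets both properties from the platform itself: `Constructor.newInstance` refuses to create enum objects, and enum constants are serialized by name rather than by state.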