Effective Java 英文 第二版 读书笔记 Item 13:Minimize the accessibility of classes and members

访问修饰符的可见域

• private—The member is accessible only from the top-level class where it is declared.
• package-private—The member is accessible from any class in the package
where it is declared. Technically known as default access, this is the access level
you get if no access modifier is specified.
• protected—The member is accessible from subclasses of the class where it is
declared (subject to a few restrictions [JLS, 6.6.2]) and from any class in the
package where it is declared.
• public—The member is accessible from anywhere.

 

Instance fields should never be public ,so classes with public mutable fields are not thread-safe

it is wrong for a class
to have a public static final array field, or an accessor that returns such a
field. If a class has such a field or accessor, clients will be able to modify the contents
of the array. This is a frequent source of security holes:
// Potential security hole!
public static final Thing[] VALUES = { ... };

 

Beware of the fact that many IDEs generate accessors that return references to private
array fields, resulting in exactly this problem. There are two ways to fix the
problem. You can make the public array private and add a public immutable list:

private static final Thing[] PRIVATE_VALUES = { ... };
public static final Thing[] values() {
return PRIVATE_VALUES.clone();
}