Re: python development practices?
by Paul Rubin other posts by this author
Oct 31 2001 11:09PM messages near this date
Re: Underscore data hiding (was python development practices?)
|
Re: python development practices?
"Chris Tavares" <christophertavares@[...].net> writes:
> At the start of this thread, your post implied that 'data hiding' meant
> something similar to C++ or Java's access specifiers: private, public, etc.
> But the stuff you mention above has nothing to do with that! The applet
> sandbox is a specific mode provided by the runtime - and rexec/bastion is
> NOT a hack, it's just another way to implement a sandbox.
A private variable in a java class instance is intended to really be
private, that is, it's supposed to be secure against access from code
outside the class implementation, even to code not running in a sandbox.
The sandbox is a separate mechanism and rexec/bastion does provide
something like it, but that's not always appropriate.
> As far as security - well, I don't know how stuff like that is
> supposed to work, but in my experience that's an OS issue rather
> than a language issue. Python compiles and runs on almost every
> platform under the sun, and lots of them don't have ANY kind of
> security, so what should it do? Implement some gigantic code-access
> security features that most people don't need?
Obviously Python (or a JVM) can't be responsible for what happens
outside the interpreter. If the application can access raw hardware
memory through the file system (/dev/mem) then it can get to anything
in the program. But assuming there's no such external interfaces
then the security can be provided.
> And in any event, C++ access specifiers don't do much but provide a
> challenge to those "rogue programmers" you mentioned, and they don't
> help at all in any of the above situations. So I'm curious what you
> really mean, and what you really want.
C++ can't provide security for private variables and doesn't try to.
Because C++ lets you dereference naked pointers, if you know the
definiition of class x, you can figure out the offset of private
variable x.a, and cast &x to an int pointer and get the data from
that offset. Java doesn't have pointers. It really can and does
enforce the privacy.
--
http://mail.python.org/mailman/listinfo/python-list
Thread:
Peter Wang
Peter Hansen
Toby Dickenson
Tim Peters
Steve Holden
Steve Holden
Cliff Wells
Tim Peters
Martijn Faassen
Cliff Wells
Cliff Wells
Martijn Faassen
Martijn Faassen
Paul Rubin
Russell E. Owen
Barry A. Warsaw
Martijn Faassen
Peter Wang
Skip Montanaro
John Roth
David Bolen
Peter Wang
Peter Wang
Skip Montanaro
Chris Tavares
Darren Collins
David Bolen
Paul Rubin
Paul Rubin
Peter Wang
F Basegmez
Richard Jones
Richard Jones
Neal Norwitz
Graham Ashton
Peter Wang
Russell E. Owen
Skip Montanaro
Cliff Wells
Hung Jung Lu
Wade Leftwich
Peter Wang
Peter Wang
Peter Wang
Chris Gonnerman
Paul Rubin
Andrew Dalke
Paul Rubin
Luigi Ballabio
Paul Rubin
Tim Peters
John Roth
Paul Rubin
Richard Jones
|
