On Wednesday 03 December 2003 06:09 pm, Lee Harr wrote:

...

i've heard that php5 will include declaration of attributes which are private, public and protected... aside from that interfaces which will be implemented by a class can also be created...

in line with OO principles, wouldnt these features be good if implemented in python???

This question be more appropriate for the main python mailing list.

You may want to join this list:

http://twistedmatrix.com/cgi-bin/mailman/listinfo/python-interfaces

which has been set up to talk about interfaces in python. There are at least three interface systems already (zope, twisted, and pyprotocols).

I think that python will bring some very interesting developments to interfaces, but I don't think that excessive restrictions will be part of the mix. Instead, it will be more about making systems more flexible and more easily extensible by easing discovery of new things that support the interfaces you are interested in.

Interface definitions and the ability to make some members of a class private or protected are separate issues. The jury is still out on how Python interfaces will be defined. Python has had private members dating back to around Python 1.5. They aren't used or talked about much. Probably because it is very easy to subvert the minimal protection they provide to the class designer. It is also probably the case that private and protected are an over hyped and over used feature in Java and C++. In what sense do they protect your program? A recent article [1] on using Java describes how to use reflection to subvert access protection for unit testing. The article shows how to peek inside an object to "get" or "set" a private or protected member. The article states, "the [Java] security layer preventing you from accessing private members is only optional, and can be turned off." (It is only optional for programs that are not executed as applets. The Java Security Manager enforces access control on unsigned applets. Application that run signed applets can set the access rules for the applets.) So the protected and private members of Java aren't as protected and private as might be expected. For trusted code these members are no more private and protected than the private types in Python that can be defined using the "__" prefix. (It is more work to get and set the members, but they are not safer than Python.) The notion of making some members private and protected are in conflict with the introspection capability of Python (as well as reflection in Java). It has been said that Python is for "consenting adults". (It's probably not the best phrase for capturing the idea.) Python trusts programmers to not do stupid things by subverting the minimal protection provided by the "__" prefix. People who bypass this protection know that bad things can happen. Using the private and protected declarations in a language as a security measure in a dynamic language is not a reliable way to prevent promiscuous programming. Stronger measure are needed, such building a sandbox in which the untrusted code is executed in a separate physical address space. Another approach is to provide a weakened language parser that limits potential problems caused by untrusted code. It is my understanding that Zope security for less trustworthy code uses a hobbled parser that limits the available Python language features. This includes turning off introspection features. Why do you think adding private and protected members would make Python a better language? Would it be better, or just more like other language? Would it be better, or just harder to learn? [1] http://www.onjava.com/pub/a/onjava/2003/11/12/reflection.html