Ka-Ping Yee <ping@zesty.ca>:
On Sun, 30 Mar 2003, Guido van Rossum wrote:
[Ping]
Having access to a particular instance should certainly not allow one to ask it for its class, and then instantiate the class with arbitrary constructor arguments.
Assuming the Python code in the class itself is not empowered in any special way, I don't see why not. So that suggests that you assume classes can be empowered. I can see this for classes implemented in C; but how can classes implemented in pure Python be empowered?
In many classes, __init__ exercises authority. An obvious C type with the same problem is the "file" type
Yes, I think the solution to this is not to forbid getting hold of the class of an object, but to design constructors so that they don't do anything that might be a security problem. In the case of files, that would mean removing the feature that file("foo") means the same as open("foo"), so that only the open() function can open arbitrary files. Greg Ewing, Computer Science Dept, +--------------------------------------+ University of Canterbury, | A citizen of NewZealandCorp, a | Christchurch, New Zealand | wholly-owned subsidiary of USA Inc. | greg@cosc.canterbury.ac.nz +--------------------------------------+