Hey Shreyan,

From what I understand, Python's design focuses on enabling the developer to
do whatever she feels right. Having a class attribute or something marked
as "private" is more of a warning to people _using_ that class that they
shouldn't tinker with that field. If I'm using a class that deals with a
bank account, for example, and the current balance is marked as
"private" - or prefixed with __, in Python - I should read that as

"well, this value has some elaborate logic behind it. I should not
go around messing with it because there may be consequences
that this class's author didn't want"

and not

"I shouldn't be able to see this value!"

This is not an information security aspect; it is more of a code usability thing.

That said,

> Someone just got the member variable value that the person wasn't supposed to

If they can't access a piece of data, they shouldn't be allowed to execute code inside
that server to begin with. There's actually a whole class of security flaws that
deal with code execution. Once you allow someone to run code on your server,
you're done and no keyword in the code will prevent bad things from happening.

Best,

--Bidu



On Wed, May 5, 2021 at 10:41 AM Shreyan Avigyan <pythonshreyan09@gmail.com> wrote:
Private methods, functions and variables are very common in programming languages. But Python doesn't support private. It has naming conventions, so names are considered private but are not private. Most of the time private is never required; what Python provides is more than enough. But the need for private comes into play when we're dealing with passphrases and servers. For example, consider this code:

class A:
    def get(self):
        # code to get the password
        password = "..."  # placeholder: the retrieval code is not shown in the original
        self.password = password

Now consider this,

>>> x = A(); x.get(); x.password

See what just happened? Someone just got the member variable value that the person wasn't supposed to.

I suggest adding private support for functions (module __all__ methods to be more clear), methods and variables (module __all__ variables or class variables).

(I'm very bad at reading PEPs so I may miss out something critical that's been explained already (sometimes I miss out a feature in a PEP and think about suggesting that feature when it's already there and then I realize "Oh! It's already here in this PEP"). If that's the case then please correct me.)

With Regards,
Shreyan Avigyan
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-leave@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/DD2L56GCOCWEUBBZBDKKKMPPVWB7PRFB/
Code of Conduct: http://python.org/psf/codeofconduct/
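
An added example, not part of either message above: it shows what the __ prefix discussed in the thread does in CPython (name mangling that keeps a subclass from clobbering a parent's field) and that code already running in the same interpreter can still read the value, including one hidden in a closure. Account, AuditedAccount and make_secret_holder are hypothetical names, and the passphrase is a constructed sample value.

```python
class Account:
    def __init__(self, balance):
        self.__balance = balance      # stored as _Account__balance (name mangling)

    def deposit(self, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.__balance += amount

    def balance(self):
        return self.__balance


class AuditedAccount(Account):
    def __init__(self, balance):
        super().__init__(balance)
        self.__balance = "audit-tag"  # becomes _AuditedAccount__balance: no clash


def make_secret_holder(secret):
    """Closure-based hiding: the value is not an attribute of anything."""
    def check(guess):
        return guess == secret
    return check


def what_in_process_code_can_see():
    acct = AuditedAccount(100)
    acct.deposit(50)
    results = {}
    # Outside the class body the name is not mangled, so plain access fails.
    try:
        acct.__balance
        results["direct"] = "visible"
    except AttributeError:
        results["direct"] = "AttributeError"
    # What mangling buys: the subclass field did not overwrite the parent's.
    results["parent_intact"] = acct.balance()
    # Any code in the same interpreter can list and read the mangled names.
    results["names"] = sorted(vars(acct))
    results["mangled_read"] = acct._Account__balance
    # Closure cells are readable through introspection as well.
    check = make_secret_holder("constructed-passphrase")
    results["closure_read"] = check.__closure__[0].cell_contents
    return results


if __name__ == "__main__":
    for key, value in what_in_process_code_can_see().items():
        print(f"{key}: {value!r}")
```

The boundary that protects a passphrase is therefore the process and who may run code in it, which is the point made in the reply.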