[Edu-sig] Re: python vs php5
mmclay at comcast.net
Thu Dec 4 10:49:03 EST 2003
On Wednesday 03 December 2003 06:09 pm, Lee Harr wrote:
> >i've heard that php5 will include declaration of attributes which are
> >public and protected... aside from that interfaces which will be
> >implemented by
> >a class can also be created...
> >in line with OO principles, wouldnt these features be good if implemented
This question be more appropriate for the main python mailing list.
> You may want to join this list:
> which has been set up to talk about interfaces in python. There are at
> least three interface systems already (zope, twisted, and pyprotocols).
> I think that python will bring some very interesting developments to
> interfaces, but I don't think that excessive restrictions will be part of
> the mix. Instead, it will be more about making systems more flexible
> and more easily extensible by easing discovery of new things that
> support the interfaces you are interested in.
Interface definitions and the ability to make some members of a class private
or protected are separate issues. The jury is still out on how Python
interfaces will be defined. Python has had private members dating back to
around Python 1.5. They aren't used or talked about much. Probably because it
is very easy to subvert the minimal protection they provide to the class
designer. It is also probably the case that private and protected are an over
hyped and over used feature in Java and C++. In what sense do they protect
A recent article  on using Java describes how to use reflection to subvert
access protection for unit testing. The article shows how to peek inside an
object to "get" or "set" a private or protected member. The article states,
"the [Java] security layer preventing you from accessing private members is
only optional, and can be turned off." (It is only optional for programs that
are not executed as applets. The Java Security Manager enforces access
control on unsigned applets. Application that run signed applets can set the
access rules for the applets.)
So the protected and private members of Java aren't as protected and private
as might be expected. For trusted code these members are no more private and
protected than the private types in Python that can be defined using the "__"
prefix. (It is more work to get and set the members, but they are not safer
The notion of making some members private and protected are in conflict with
the introspection capability of Python (as well as reflection in Java). It
has been said that Python is for "consenting adults". (It's probably not the
best phrase for capturing the idea.) Python trusts programmers to not do
stupid things by subverting the minimal protection provided by the "__"
prefix. People who bypass this protection know that bad things can happen.
Using the private and protected declarations in a language as a security
measure in a dynamic language is not a reliable way to prevent promiscuous
programming. Stronger measure are needed, such building a sandbox in which
the untrusted code is executed in a separate physical address space. Another
approach is to provide a weakened language parser that limits potential
problems caused by untrusted code. It is my understanding that Zope security
for less trustworthy code uses a hobbled parser that limits the available
Python language features. This includes turning off introspection features.
Why do you think adding private and protected members would make Python a
better language? Would it be better, or just more like other language? Would
it be better, or just harder to learn?
More information about the Edu-sig