Will python never intend to support private, protected and public?

Paul Rubin http
Mon Oct 3 07:41:46 CEST 2005


Mike Meyer <mwm at mired.org> writes:
> > Privilege separation is considered a good coding practice.  How does
> > Python help it?
> 
> With conventions and name mangling. Which are only slightly less
> effective than the C++/Java technic for doing the same thing.

That's not what privilege separation means.  It means that the
privileged objects stay secure even when the unprivileged part of the
program is completely controlled by an attacker.  It's not used
enough.  It's typically done with separate processes and maybe
separate user accounts:

  http://plastictree.net/articles/privsep/ar01s02.html

and in the case of host-security modules (used in banking), it's done
with separate hardware.  Java (but not C++) can do it with private
variables and so forth (applet security depends on that).  It's a
reasonable style to use in any program that uses files, sockets, etc.,
and has to cope with possibly-malicious data.

> I was going to suggest Jython as a better bet for getting something
> rexec-like to work.

Yeah, that's the thing, we should not think of Python as meaning one
particular implementation.



More information about the Python-list mailing list