I've often heard Java programmers criticize Python because it doesn't enforce privacy in any way. Personally, I think that it'd be great if Python could be fully sandboxed like JavaScript can, but sandboxing is a completely separate topic. Preventing a programmer who works on my team from calling a method that I've named _private_method isn't all that interesting to me. If he sees the fact that I've named the method with a leading underscore, and he still feels the need to call it, so be it.
Ruby does provide private instance variables, constants, and private methods, but really, those are just suggestions.
For instance, if you override a constant, you just get a warning:
irb(main):001:0> A = 1If you have an object, and you want to call a private method, you can just inject a method into that object in order to get access to the private method:
=> 1
irb(main):002:0> A = 2
(irb):2: warning: already initialized constant A
=> 2
irb(main):003:0> puts A
2
=> nil
class SuperSecretYou can use the same "inject a method" trick to get access to instance variables:
private
def secret
puts "Wombats!"
end
end
obj = SuperSecret.new
begin
puts obj.secret
rescue
puts "Yep, it blocked me properly." # Yep, it gets blocked.
end
def obj.hack_the_secret
secret
end
obj.hack_the_secret # Prints "Wombats!"
def obj.get_aIn no way am I criticizing Ruby for this behavior. As I said, I think it's a bad situation if you can't trust your team members. I just wanted to point out that in Ruby, the protection mechanisms are really just suggestions ;)
@a
end
8 comments:
You can also use instance_eval to get at instance variables:
obj.instance_eval { @a }
Or #send.
obj.send(:private_method)
Wow, even #send doesn't enforce the constraints? That's crazy ;)
Well, given security constraints are not set you can call private java method (using reflection and setAccessible(boolean))
The intent in 1.9 is supposedly to switch it so that send does respect private vs non-private, and a different version (I think last I checked it was __send__) does not. The clearest way to get an instance variable, by the way, is instance_variable_get:
obj.instance_variable_get :@a
Similarly, you can set them via instance_variable_set. It turns out that the approach that it is `just a suggestion' is a common one in Ruby: show convention, but allow the programmer the flexibility to achieve what they want without getting in the way. In short, trust the programmer. This is a concept that is completely alien to Java's approach -- and that's why Java is usually better suited to the so-called `enterprise', where you often meet subpar coders who would blow entire cities up accidentally if they had the flexibility that Ruby provides.
> Well, given security constraints are not set you can call private java method (using reflection and setAccessible(boolean))
That's so awesome ;) Thanks for the comment!
> In short, trust the programmer.
I agree. Thanks for the comment ;)
private, protected, and public have a purpose: they keep folks away from the unstable parts of your API.
It's a very, very good thing to have a means by which you can keep programmers from inadvertently depending on what should be refactorable. That's what we're doing when we declare something private, we're saying "it may go away in a .x revision"
Post a Comment