Paul Rubin <http://[EMAIL PROTECTED]> writes: > Mike Meyer <[EMAIL PROTECTED]> writes: >> Note that the quoted article only applies to *writing* attributes. It >> doesn't say anything about needing accessors to *read* a >> variable. This encourages me that the convention I use - adopted from >> Eiffel, where the compiler enforces it - of freeling reading >> attributes, but providing methods to write them - is a right way todo >> things. > > Generally that sounds reasonable. Obviously there are other examples > when (e.g. for security) you have to make sure that variables can't be > read by other classes, e.g. you have a class that stores a capability > (or a password) in an instance variable, and uses it for privileged > operations.
If you can't trust the code that shares your address space, you're in a world of hurt for security. Compile-time restrictions don't matter for squat - you need serious restrictions on what the program can do at runtime. <mike -- Mike Meyer <[EMAIL PROTECTED]> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. -- http://mail.python.org/mailman/listinfo/python-list