Accessors in Python (getters and setters)

[mystilleef]

doh

Let's talk about psychorigid mindset...

Thanks, I'm insane.

To allow attribute syntax when you really have computation behind. Which
1/ let you start with the simplest case (a simple attribute) and change
your mind latter
2/ offer the possibility to use an attribute syntax (instead of a method
call syntax) when it seems more natural.

Right, and what I'm I trying to do again?

You can do just the same in Java or C++.

OMG!


I'm deadly serious and definitively not joking. There's no cure for
idiocy, and there's definitively nothing like an idiot-proof system.

Sure, but calling users idiots for as result of your laziness or poor
design or lack of robustness is equally idiotic.

IOW : you're unable to find any valid reason to use the second solution
instead of the first (of course : there's none), but refuse to admit it.

Hey, I didn't write that code. You did! You deal with it. My input on
__your__ code at this point is irrelevant.

You are not controlling *anything*

r = Robust()
r._Robust__is_active = True

*sighs*

You keep coming up with these unrealistic and impractically delusional
theories to make yourself feel happy. Sure Python lets your do that,
but that's an implementation detail almost all Python developers could
give a damn about. How many times do I have to tell you I don't care
for latent semantic implementation details of Python? Anybody who does
what you just did should be laughed at derisively and ignored. But I
don't have time to deal with fantasy and unreleastic theories.

As I told you, there's no cure for idiocy.


And what if you want to change 'buffer_is_active' to 'is_active' ?

But I don't want to. I wanna change implementation not interface.

Lol. cf above. And, may I repeat : you're getting the "my/3rd part"
stuff the wrong way. If someone uses your code in it's app, then it's
*her* system, and *your* code is the '3rd part'. Whether someone wants
to do idiotic things with your code that will result in a crash is none
of *your* concern. Just like if someone buy a hammer and bangs his head
with, it's not the concern of the guy who made the hammer.

That's just silly. If a third party plugin is crashing your app, guess
who's gonna get the emails and bug reports? That's right you! And that
is after hours of trying to reproduce the bug on your system
unsuccessfully because you don't have the bloody plug-in installed and
they user doesn't know a random plug-in he downloaded is the root of
the problem. Welcome to reality.

So you see receiving a bug report as a form of ridicule ?

Yes, it can be.

Now FWIW, I have lot of python apps in production, very few bug reports
[1], and none of them being the result of the problem you seems to fear
that much.

Good for you! I'm sure you are brilliant programmer.

[1] The very first release of one of them is in production for more than
6 monthes now, is daily used by a dozen non-computer-savy users, and not
a *single* bug report - actually, the only return we had is "it's
perfect, it works like a charm, and we have some other stuff for you guys"

My users are not just end users they are also developers. Again, I'm
glad you are seeing success in __your__ projects.

In my example (which was not intended as a "solution to a problem"),
is_active is clearly part of the API. So your argument is moot.

OTOH, if I need to control access to is_active, I can easily change it's
implementation - ie by using a property (or any custom descriptor). So
my "solution to the problem" is functionally equivalent to yours, and
requires much less code - which contributes to making it more robust.

Your example actually requires more code, is looks complex and it's
ugly (no offense, my opinion).

Oh yes, I can :
- too much exposure to B&D languages
- lack of ability to criticize "what's in the Book"
- confusion between state/behaviour concepts and the (mostly inexisting
in most hi-level languages) data/function dichotomy
- control-freak mindset

Lets stick to the arguments please. No need to attack me.

You're wasting your time because you refuse to escape from your "what's
in the book" mindest and insist on writing Java in Python. I had the
same problem when I came from Java to Python, then I had the "aha"
moment where I realized I was overdoing it, writing uselessly
complicated code to do simple things that would just have worked without
all this mumbo/jumbo control freak stuff. But it seems you prefer to
stick to your masochistic approach for no other reason than
misunderstood concepts, so we can't help you here.

Fantastically, I have never used Java for any public project. I don't
understand how you reach your faulty assumptions. You don't know my
background with any language so quit this "Java is the reason you think
like this" banter.

Lol. I actually did *un*learn the hard way.

Mystilleef, I've started programing 17 years ago, and have done it
professionnaly for almost 10 years now. I do not pretend to be a good
programmer, but please believe that I do know my job. I've read the Book
too, I've tried applying it blindly, then I used my brain. Once you
understand the real reasons behind a "rule", you also understand when
and how to apply or not apply it.

What book are we talking about again? I made these rules from my
experience writing programs in Python, not from any book. There's only
so much books can do when it comes to designing robust software in
practice. But for a lot of people over here who claim they've been
programming for X number of years, some of them certainly do need to
hit the books again. I don't believe I spent an inordinate amount of
time explaining state and behavior or the benefits or techniques for
reducing coupling or why anyone would need accessors, among other
things.

The problem is that you definitively *failed* to understand how to use
them (or actually how to *not* use them when not needed).

Sure, if it makes you feel better.

 

[Bruno Desthuilliers]

Bruno Desthuilliers wrote:
(snip)


Thanks, I'm insane.

You say so.

(snip)

Right, and what I'm I trying to do again?

Write Java in Python.

OMG!

It's common knowledge.

Sure, but calling users idiots for as result of your laziness or poor
design or lack of robustness is equally idiotic.

Ok, then 99.99% of Python programmers are lazy, have poor design skills
and are unable to write a robust application. So they are idiotic too.

Hey, I didn't write that code. You did! You deal with it. My input on
__your__ code at this point is irrelevant.

It's totally relevant, and you're still unable to come with any valid
reason to prefer the first solution over the second. I'm totally
confident that if there was *any* defendable reason to favor the first
approach, you'd have chosen to answer instead of playing dumb.

*sighs*

You keep coming up with these unrealistic and impractically delusional
theories

Pardon ? Which "unrealistic and impractically delusional theories" ?
Please try the code above instead of getting to big words...

to make yourself feel happy.

yes, of course, I need this to feel happy. Doh

Sure Python lets your do that,
but that's an implementation detail almost all Python developers could
give a damn about. How many times do I have to tell you I don't care
for latent semantic implementation details of Python? Anybody who does
what you just did should be laughed at derisively and ignored.

Believe it or not, but there are times someone may have a perfectly
valid reason to do so (probably not with your example, but that's
another point).

But I
don't have time to deal with fantasy and unreleastic theories.

blah blah.

But I don't want to. I wanna change implementation not interface.

Changing implementation from direct attribute access to property doesn't
require changing the interface, so there's no reason to use a property
for simple read/write access. period.

That's just silly. If a third party plugin is crashing your app,

Not my responsability.

guess
who's gonna get the emails and bug reports? That's right you!

And ?

And that
is after hours of trying to reproduce the bug on your system
unsuccessfully

If the app runed fine and all of a sudden starts to crash, I'll suspect
something specific to the user system.

because you don't have the bloody plug-in installed and
they user doesn't know a random plug-in he downloaded is the root of
the problem.

"Hi Mr User... Just a question about your problem : did you change
anything in your system recently ? Like installing a new plugin ?"

Yes, it can be.

I definitively give up trying to understand you.

Now FWIW, I have lot of python apps in production, very few bug reports
[1], and none of them being the result of the problem you seems to fear
that much.

Good for you! I'm sure you are brilliant programmer.

I'm not.

[1] The very first release of one of them is in production for more than
6 monthes now, is daily used by a dozen non-computer-savy users, and not
a *single* bug report - actually, the only return we had is "it's
perfect, it works like a charm, and we have some other stuff for you guys"

My users are not just end users they are also developers.

Developpers are supposed to know enough to fill in useful bug reports...
and possibly do some prior research on the problem by themselves.

Your example

Which one ?

actually requires more code,
is looks complex and it's
ugly

You mean:

class Pythonic(object):
def __init__(self):
self._is_active = True

@apply
def is_active():
def fget(self): return self._is_active
def fset(self): raise SomeException('sorry, read-only')
return property(**locals())

(no offense, my opinion).

of course.

Lets stick to the arguments please. No need to attack me.

You're of course free to identify yourself with the 'anyone' described
above - but that's your responsability, not mine.

Fantastically, I have never used Java for any public project. I don't
understand how you reach your faulty assumptions.

Because most of the opinions you expressed so far are usually
symptomatic from a Java exposure. FWIW, the fact that you "never used
Java for any public project" doesn't contradict anything of my above
writing.

What book are we talking about again? I made these rules from my
experience writing programs in Python, not from any book.

I fail to see how your view of "data = state / methods = behaviour" or
your advice to "make all data attributes private" comes from experience
writing Python code.

There's only
so much books can do when it comes to designing robust software in
practice.
Indeed.

But for a lot of people over here who claim they've been
programming for X number of years, some of them certainly do need to
hit the books again. I don't believe I spent an inordinate amount of
time explaining state and behavior or the benefits or techniques for
reducing coupling or why anyone would need accessors, among other
things.

Do you really believe you taught me anything about these topics ?

Sure, if it makes you feel better.

Alas, not. Seeing someone inflicting himself pain because of misbelief
or misunderstanding does not "make me feel better". Too bad you take it
this way.

 

[Diez B. Roggisch]

You mean:

class Pythonic(object):
def __init__(self):
self._is_active = True

@apply
def is_active():
def fget(self): return self._is_active
def fset(self): raise SomeException('sorry, read-only')
return property(**locals())

Neat! That slipped my attention over all this noisy and pointless
discussion...

Regards,

Diez

 

[mystilleef]

You say so.


Write Java in Python.

Dude, I haven't written more than "Hello World" programs in Java. I
__don't__ have a strong Java background.

It's common knowledge.

I ask how your solution is robust, and you go off talking about Java
and C++. Quit turning this into a language pissing contest. The hell I
care what Java or C++ does.

Ok, then 99.99% of Python programmers are lazy, have poor design skills
and are unable to write a robust application. So they are idiotic too.

If you say so.

It's totally relevant, and you're still unable to come with any valid
reason to prefer the first solution over the second. I'm totally
confident that if there was *any* defendable reason to favor the first
approach, you'd have chosen to answer instead of playing dumb.

Chosen what answer? First of all, I have no idea what you are trying to
do. Secondly, I wouldn't code like that. So asking for my input on
some code that I believe has no purpose is irrelevant. In your class,
Complicated, why are your accessors private? Why is the attribute the
accessors are modifying public? In your second class, can data afford
to be modified by anyone? Does doing that cause any corruption, bugs,
indiscrepancies in the system? You can't just throw code at me, out of
context, and tell me to choose which is better. It's just premature.

Pardon ? Which "unrealistic and impractically delusional theories" ?
Please try the code above instead of getting to big words...

Doesn't that fall under the "DO NOT DO THIS AT HOME KIDS" in the FAQ
section or somewhere?

yes, of course, I need this to feel happy. Doh


Believe it or not, but there are times someone may have a perfectly
valid reason to do so (probably not with your example, but that's
another point).

I have never seen any Python code do that. I will certainly reject code
like that in my project. But if people do it without any ill effects,
good for them. I don't do it, I don't know any Python developer that
does.

blah blah.


Changing implementation from direct attribute access to property doesn't
require changing the interface, so there's no reason to use a property
for simple read/write access. period.

There is. The name issues already afore-mentioned elsewhere.

Not my responsability.

You enjoy pointing fingers, don't you?

And ?

You have to investigate it?

If the app runed fine and all of a sudden starts to crash, I'll suspect
something specific to the user system.

There you go again pointing fingers. It has to be the stupid idiotic
users fault.

"Hi Mr User... Just a question about your problem : did you change
anything in your system recently ? Like installing a new plugin ?"

Yeah, now you have 20/20 hindsight.

I definitively give up trying to understand you.

I guess you haven't got bug reports that make you feel like shit. Only
to find out the problem actually has nothing to do with your app.

Now FWIW, I have lot of python apps in production, very few bug reports
[1], and none of them being the result of the problem you seems to fear
that much.

Good for you! I'm sure you are brilliant programmer.

I'm not.

[1] The very first release of one of them is in production for more than
6 monthes now, is daily used by a dozen non-computer-savy users, and not
a *single* bug report - actually, the only return we had is "it's
perfect, it works like a charm, and we have some other stuff for you guys"

My users are not just end users they are also developers.

Developpers are supposed to know enough to fill in useful bug reports...
and possibly do some prior research on the problem by themselves.

Developers extend your application in ways you hadn't originally
anticipated, thus exposing bugs. And no, it's not the developers fault.
I know that's where you are going. There are several reasons why this
can happen, including me not protecting object's state properly. But
we've already been through all that to no avail.

Which one ?



You mean:

class Pythonic(object):
def __init__(self):
self._is_active = True

@apply
def is_active():
def fget(self): return self._is_active
def fset(self): raise SomeException('sorry, read-only')
return property(**locals())



of course.

Yes, that.

You're of course free to identify yourself with the 'anyone' described
above - but that's your responsability, not mine.

Please, given the wild assumptions you have made about me in this
thread alone, only someone who can't read between the lines would
question who that was directed at.

Because most of the opinions you expressed so far are usually
symptomatic from a Java exposure. FWIW, the fact that you "never used
Java for any public project" doesn't contradict anything of my above
writing.

They are also symptomatic of Eiffel, Smalltalk, Ada and about 99% of
all OO languages out there. That still doesn't make me a Java junkie.

I fail to see how your view of "data = state / methods = behaviour" or
your advice to "make all data attributes private" comes from experience
writing Python code.

Then I can't help you.

Do you really believe you taught me anything about these topics ?

No, but I surprised some of the terms I use confuse you. Or why you
would question why anyone would need to use accessors. And that you
consider data hiding and encapsulation harmful and unnecessary.
However, I'll give you the benefit of the doubt. English is my second
language, and when I write in a haste, I tend to express myself poorly.

Alas, not. Seeing someone inflicting himself pain because of misbelief
or misunderstanding does not "make me feel better". Too bad you take it
this way.

I feel a lot more pain when I have to investigate bugs that I could
have prevented easily if only I had adhered to sound software
engineering principles as opposed to drinking philosophical Kool Aid.
I'm in tune with most of Python's philosophies. But one needs to know
when to make exceptions as opposed to blindly reciting and following
ingrained mantras.

 

[Bruno Desthuilliers]

Bruno Desthuilliers wrote:
I ask how your solution is robust,

This is definitively not a problem with "my solution". Python has *no*
access restriction. Anyone can do what he wants with any attribute of
your Python classes.

and you go off talking about Java
and C++.

Whose access restriction is Joke.

If you say so.

Logical derivation from your above statement.

Chosen what answer? First of all, I have no idea what you are trying to
do.

Make you understand why, in Python, it is *totally* useless to mark an
attribute as implementation and add read/write accessors to it. But it's
obviously hopeless.

Secondly, I wouldn't code like that. So asking for my input on
some code that I believe has no purpose is irrelevant. In your class,
Complicated, why are your accessors private?

They are not "private", they are implementation details - in this case,
support for a property.

Why is the attribute the
accessors are modifying public?

It is not public, it is marked as implementation detail - in this case,
support for a property.

In your second class, can data afford
to be modified by anyone?

Obviously - just like in the first example.

Does doing that cause any corruption, bugs,
indiscrepancies in the system? You can't just throw code at me, out of
context, and tell me to choose which is better. It's just premature.

If you are unable to understand such a simple code then you are totally
clueless. Since your are obviously not totally clueless, it's just bad
faith from you. So I'm obviously wasting my time and bandwidth.

(snip)

Doesn't that fall under the "DO NOT DO THIS AT HOME KIDS" in the FAQ
section or somewhere?

Nope. It falls under the "dont do this unless you really need to and
know exactly what you are doing and accept all possible consequences -
IOW you're on your own" section.

I have never seen any Python code do that.

I have.

I will certainly reject code
like that in my project.
But if people do it without any ill effects,
good for them. I don't do it, I don't know any Python developer that
does.

Never heard of the sys._getframe() hack ?

There is. The name issues already afore-mentioned elsewhere.

Lol. The "name issue" you talk about is
1/ exactly a case of changing *interface*
2/ only due to the fact that you're confusing state with non-callable
attributes.

You enjoy pointing fingers, don't you?

Nope. But I refuse to be responsible for someone else's stupidity
(unless this 'someone else' happens to be my son).

You have to investigate it?


There you go again pointing fingers. It has to be the stupid idiotic
users fault.

Your words. Not mines. As far as I'm concerned, I can accept that some
change in the user's environment can impact my program - sometimes in
very very strange ways. I've had a case recently involving Trac, SQLite,
mod_python and PHP5.

Yeah, now you have 20/20 hindsight.

Of course - I cheated. At least with the last question. But FWIW, if my
app was pluggable and I had a similar case, one of the very first thing
I'd ask would be the detailed and exhaustive list of installed plugins.

I guess you haven't got bug reports that make you feel like shit.

No. I don't allow a bug report to "make me feel like shit". I sometimes
felt really dumb and sorry when I found out how evident the bug was, but
that's another problem.

(snip)

Developers extend your application in ways you hadn't originally
anticipated, thus exposing bugs.

I know, I do a lot of work on existing apps so they fit my customers needs.

And no, it's not the developers fault.

Which developper ? The author of the app, or the one extending it ?

I know that's where you are going. There are several reasons why this
can happen, including me not protecting object's state properly.

If you exposed as part of the interface some highly critical attribute
then yes, you are responsible. If it's the other developper messing with
your implementation, then it's by no way your responsability - but it
may be a sign that your code could need some support for a use case you
had not anticipated.

(snip)

(snip)
Yes, that.

Then you find Python complex and ugly. But what I find surprising is
that you could make a judgement on "my example" before I wrote it...


(snip)

Then I can't help you.

That's an understatement.

No, but I surprised some of the terms I use confuse you.

The only term that confused me was actually "contaminated".

Or why you
would question why anyone would need to use accessors.

Where did I question this ? Chapter and verse, please.

And that you
consider data hiding and encapsulation harmful and unnecessary.

I consider language-inforced access restriction as harmful and
unnecessary. And it has very few to do with encapsulation.

However, I'll give you the benefit of the doubt.

How nice from you. But given the views you expressed about "sound
software engineering principles" and your understanding of concepts such
as state, behaviour, coupling and encapsulation, please consider me as
definitively wasted.

I feel a lot more pain when I have to investigate bugs that I could
have prevented easily if only I had adhered to sound software
engineering principles as opposed to drinking philosophical Kool Aid.

Exactly. Here, the "sound software engineering principles" is to pay a
minimal attention to naming of interface elements, and the
"philosophical Kool Aid" confusing non-callable attributes with
implementation detail.

I'm in tune with most of Python's philosophies. But one needs to know
when to make exceptions as opposed to blindly reciting and following
ingrained mantras.

Exact once again. Here, the mantra is "state is data is private,
behaviour is method is public". That may be true for Smalltalk, but not
for Python.

 

[Dennis Lee Bieber]

Granted. Actually, it *was* a typo - but it happened to also make sens,
so I decided it was not a typo !-)

Ah... One of those "it's faster to just continue typing than to
break my flow and go backwards" moments. <G> (and I forgot to include
the <G> on my prior post)
--
Wulfraed Dennis Lee Bieber KD6MOG
(e-mail address removed) (e-mail address removed)
HTTP://wlfraed.home.netcom.com/
(Bestiaria Support Staff: (e-mail address removed))
HTTP://www.bestiaria.com/

 

[Ant]

Came across this article this afternoon - thought it may be of interest
to some of those following this thread...

http://www.devx.com/opensource/Article/31593/0/page/2

 

[Gerhard Fiedler]

class Foo(object):
@apply
def _imp():
def fget(self):
# code here
def fset(self, val):
# code here
return property(**locals())

@apply
def api():
def fget(self):
return self._imp
def fset(self, val):
raise SomeException('read-only, sorry')
return property(**locals())

Thanks a lot. This looks similar to what Steve Holden wrote. (And yes,
Steve, you understood exactly what I meant

My hunch is that this is what mystilleef might have wanted to say all
along; it looks quite similar to what he seemed to try to express. It's
basically the Python synonym of creating a public accessor (api) for a
private attribute (_imp) -- in this case to make the API read-only while
maintaining the implementation read-write, but I'm sure there are other
uses for such a structure.

Note that a read-only property named 'is_active' returning the value of
an attribute named '_is_active' doesn't prevent direct access to
'_is_active' attribute, neither from the class nor from the client code.

Right; I already understood that

I just thought one part of this whole thread was that accessors are not
necessary in Python. However, it seems that this case -- different
restrictions (or actions) for access from implementation vs through the API
(which is probably one of the most common reasons for using accessors in
other languages) -- in Python also can only be handled by adding a separate
accessor. (This of course in Python is implemented as a computed
attribute.)

The above illustrated technique doesn't look so different from a C++ or
Java code with public set/getApi() accessors acting on a private imp
attribute (or public set/getIsActive() accessors acting on a private
isActive attribute -- to use the other, similar example that operates with
the names this thread likes to use

Do I seem to understand this correctly?

Thanks,
Gerhard

 

[mystilleef]

This is definitively not a problem with "my solution". Python has *no*
access restriction. Anyone can do what he wants with any attribute of
your Python classes.


Whose access restriction is Joke.


Logical derivation from your above statement.


Make you understand why, in Python, it is *totally* useless to mark an
attribute as implementation and add read/write accessors to it. But it's
obviously hopeless.


They are not "private", they are implementation details - in this case,
support for a property.


It is not public, it is marked as implementation detail - in this case,
support for a property.


Obviously - just like in the first example.


If you are unable to understand such a simple code then you are totally
clueless. Since your are obviously not totally clueless, it's just bad
faith from you. So I'm obviously wasting my time and bandwidth.

(snip)

Nope. It falls under the "dont do this unless you really need to and
know exactly what you are doing and accept all possible consequences -
IOW you're on your own" section.


I have.


Never heard of the sys._getframe() hack ?


Lol. The "name issue" you talk about is
1/ exactly a case of changing *interface*
2/ only due to the fact that you're confusing state with non-callable
attributes.


Nope. But I refuse to be responsible for someone else's stupidity
(unless this 'someone else' happens to be my son).


Your words. Not mines. As far as I'm concerned, I can accept that some
change in the user's environment can impact my program - sometimes in
very very strange ways. I've had a case recently involving Trac, SQLite,
mod_python and PHP5.


Of course - I cheated. At least with the last question. But FWIW, if my
app was pluggable and I had a similar case, one of the very first thing
I'd ask would be the detailed and exhaustive list of installed plugins.


No. I don't allow a bug report to "make me feel like shit". I sometimes
felt really dumb and sorry when I found out how evident the bug was, but
that's another problem.

(snip)

I know, I do a lot of work on existing apps so they fit my customers needs.


Which developper ? The author of the app, or the one extending it ?


If you exposed as part of the interface some highly critical attribute
then yes, you are responsible. If it's the other developper messing with
your implementation, then it's by no way your responsability - but it
may be a sign that your code could need some support for a use case you
had not anticipated.

(snip)

Then you find Python complex and ugly. But what I find surprising is
that you could make a judgement on "my example" before I wrote it...


(snip)

That's an understatement.


The only term that confused me was actually "contaminated".


Where did I question this ? Chapter and verse, please.


I consider language-inforced access restriction as harmful and
unnecessary. And it has very few to do with encapsulation.


How nice from you. But given the views you expressed about "sound
software engineering principles" and your understanding of concepts such
as state, behaviour, coupling and encapsulation, please consider me as
definitively wasted.


Exactly. Here, the "sound software engineering principles" is to pay a
minimal attention to naming of interface elements, and the
"philosophical Kool Aid" confusing non-callable attributes with
implementation detail.


Exact once again. Here, the mantra is "state is data is private,
behaviour is method is public". That may be true for Smalltalk, but not
for Python.

You win!

Bye all, and thanks for your time and insights.

Cheers

 

[Ed Jensen]

Now THAT was an important information RIGHT on topic.

It was not meant offensively.

For somebody nitpicking on natural language usage to a non-native
speaker, you show an impressive lack of knowledge in the actual subject
discussed.

Again: It was not meant offensively.

Maybe you can try turning the flames down a bit.

http://www.onjava.com/pub/a/onjava/2003/11/12/reflection.html

Does that approach work on sealed jars as well? I would imagine any
jars that need any kind of "real" security would be sealed...

 

[Bruno Desthuilliers]

Diez B. Roggisch a écrit :

Neat!
http://wiki.python.org/moin/PythonDecoratorLibrary

That slipped my attention over all this noisy and pointless
discussion...

indeed.

 

[Bruno Desthuilliers]

Gerhard Fiedler a écrit :

Thanks a lot. This looks similar to what Steve Holden wrote.

It's of course based on the same principle - which I bet is a very
common pattern in Python[1]. The main difference with Steve's code is
that I took your requirement almost to the letter: there are actually 2
properties, one marked as implementation and read/write, the other
public and read-only returning the value of the first one.


[1] could almost justify a PEP for a builtin ReadOnlyAttribute descriptor...

(And yes,
Steve, you understood exactly what I meant

My hunch is that this is what mystilleef might have wanted to say all
along; it looks quite similar to what he seemed to try to express. It's
basically the Python synonym of creating a public accessor (api) for a
private attribute (_imp) --

It's probably the primary use case for properties. But it would be
definitively useless to do so if what you want is read-write access.

in this case to make the API read-only while
maintaining the implementation read-write,

read-write but computed. The most common case (where the r/w
implementation attribute needs no computation) is solved by Steve's example.

but I'm sure there are other
uses for such a structure.





Right; I already understood that

I just thought one part of this whole thread was that accessors are not
necessary in Python.

they are not necessary for full read-write access to an existing attribute.

However, it seems that this case -- different
restrictions (or actions) for access from implementation vs through the API
(which is probably one of the most common reasons for using accessors in
other languages) -- in Python also can only be handled by adding a separate
accessor. (This of course in Python is implemented as a computed
attribute.)

The above illustrated technique doesn't look so different from a C++ or
Java code with public set/getApi() accessors acting on a private imp
attribute (or public set/getIsActive() accessors acting on a private
isActive attribute -- to use the other, similar example that operates with
the names this thread likes to use

The two mains differences are:
- no need to write the accessors if all they do is get/set a variable
- keep an attribute access syntax

Else, no, there's no fundamental difference.

Do I seem to understand this correctly?

Looks like.

 

[Bruno Desthuilliers]

Dennis Lee Bieber a écrit :

Ah... One of those "it's faster to just continue typing than to
break my flow and go backwards" moments. <G>

Almost... I noticed it while re-reading.

(and I forgot to include
the <G> on my prior post)

We won't hold it against you !-)

 

[Bruno Desthuilliers]

Ant a écrit :

Came across this article this afternoon - thought it may be of interest
to some of those following this thread...

http://www.devx.com/opensource/Article/31593/0/page/2

Yeah. Presenting name mangling as the usual way to have 'private'
attributes, then implementing (costly) access restriction by using... an
implementation detail of the sys module. Great.

 

[fuzzylollipop]

Java is not an acronym. That is: it's "Java", not "JAVA".


Java does not allow access to private members via reflection.

Actually it does.

 

[Diez B. Roggisch]

It was not meant offensively.
Ok.



Again: It was not meant offensively.

Maybe you can try turning the flames down a bit.

I'll try.

Does that approach work on sealed jars as well? I would imagine any
jars that need any kind of "real" security would be sealed...

Well, lets put it like this: I work for a Java (see, I'm capable of
learning... ) shop. We deploy pretty large clustered J2EE thingies. In
the last five years working there, I never once produced a sealed jar.

And actually the use-case for a sealed jar is to allow _more_ in an
otherwise restricted environment.

Which puts us to the next question: the sealing itself doesn't do
anything to restrict the code, the SecurityManager does. Which AFAIK is
something hooked into the VM. Now, I'm not on sure grounds here on how
to altere its behaviour, but I'd say if we're talking me working on a
secure application that introduces its own SecurityManager, I'm still
the one in control. I could use your lib, turn off privacy, and fiddle
around.

If things were the other way round, and I'd have to work in a restricted
context, it actually might be that someone restricted private access
(because he owns the VM!). But then - he'd also be able to forbid
threading or file access or all kinds of things that I'd otherwise be
used to work with which will suddenly make my code burst in flames.

And if we are honest: the most problematic cases of abused code arenÄT
the ones of strangers exploiting your code, but instead your fellow
coders at the other department. Which most probably means that they
aren't restrained by security management anyway.

To summarize: it might be possible to jump through a few hoops to
increase the security. But in 99.9% of cases this doesn't happen, as it
would increase complexity by orders of magnitude - for a comparatively
small gain (talking about private declarations. The sandbox-restrictions
of Java for running applets certainly are worth it).

Diez

 

[Ed Jensen]

Which puts us to the next question: the sealing itself doesn't do
anything to restrict the code, the SecurityManager does. Which AFAIK is
something hooked into the VM. Now, I'm not on sure grounds here on how
to altere its behaviour, but I'd say if we're talking me working on a
secure application that introduces its own SecurityManager, I'm still
the one in control. I could use your lib, turn off privacy, and fiddle
around.

If things were the other way round, and I'd have to work in a restricted
context, it actually might be that someone restricted private access
(because he owns the VM!). But then - he'd also be able to forbid
threading or file access or all kinds of things that I'd otherwise be
used to work with which will suddenly make my code burst in flames.

And if we are honest: the most problematic cases of abused code aren't
the ones of strangers exploiting your code, but instead your fellow
coders at the other department. Which most probably means that they
aren't restrained by security management anyway.

To summarize: it might be possible to jump through a few hoops to
increase the security. But in 99.9% of cases this doesn't happen, as it
would increase complexity by orders of magnitude - for a comparatively
small gain (talking about private declarations. The sandbox-restrictions
of Java for running applets certainly are worth it).

Interesting stuff! And thanks for the link from your earlier post.

Where I work, this little discovery will actually help us stop jumping
through some hoops we've been jumping through to unit test private
methods.

It also gives us more to think about since we had been assuming
private could not be circumvented.

Thanks Diez.