lang icon indicating copy to clipboard operation
lang copied to clipboard
verified publisher icon amitassaraf

enforce_private unprotected from pickpockets

Open MostAwesomeDude opened this issue 10 years ago • 0 comments

An unscrupulous pickpocket can reach out and nab private members easily. Assume a module box with:

from lang.access import enforce_private
@enforce_private
class Box(object):
    def __init__(self):
        self._cheese_ = 42

Then, at the REPL:

>>> import box
>>> b = box.Box()
>>> vars(b)["_cheese_"]
42
>>> b.__dict__["_cheese_"]
42

This attack is mitigated by the use of __slots__, on Python interpreters which support slotted classes, but see #4 for something more durable.

Edit: Slots.

MostAwesomeDude avatar Feb 13 '16 19:02 MostAwesomeDude