A few questions and suggestions.

Lars T Hansen lth at acm.org
Mon May 7 04:20:22 PDT 2007 

On 4/30/07, Thiago Silva <tsilva at sourcecraft.info> wrote:

> *** Access control
>
> It is of my understanding that access control will be implemented
> using namespaces, as explained in:
> http://developer.mozilla.org/e​s4/spec/chapter_9_classes.html#​access_control_namespace_attrib​utes
>
> So I ask: What about being able to define a namespace for an object's
> property without using the class declaration?  What I'm really looking
> for is a way to define access control without being forced to use the
> new class declaration. For instance, something equivalent to:
>
> private o.foo = "bar" //property "foo" is defined as private

Based on this and your previous message I think what you're suggesting
is that lookup though "this" should somehow be privileged (more like
"protected" than "private"), so that "external" lookups cannot see all
the properties that "internal" lookups can.  Is that right?

Example:

  function Account(initial) {
    this.balance = initial
  }
  Account.prototype = {
  withdraw: function (n) {
                  if (this.balance < n) throw new OverdrawnError;
                  this.balance -= n;
                },
  deposit: function (n) { this.balance += n }
  }

  var  a = new Account(100)

The problem is that anyone can access the account a and manipulate the
balance: "a.balance += 2000", and you'd like to hide the balance so
that only withdraw and deposit can access it, and you want to do that
without using classes.

You should be able to do something like what you want using namespaces
and packages:

  package Bank {
    namespace ns;

    public function Account(initial) {
      this.ns::balance = initial
    }
    Account.prototype = {
    withdraw: function (n) {
                if (this.ns::balance < n) throw new OverdrawnError;
                this.ns::balance -= n;
              },
    deposit: function (n) { this.ns::balance += n }
    }
  }

Now a client would import the Bank package and use the public Account
function to create the account:

  import Bank.*;
  var a = new Account(100)

but the namespace "ns" is hidden and can't be forged by code outside
the Bank package, so your money should be secure.

(However, since packages can't be sealed it is still possible for the
attacker to put new code into Bank, just like it's possible to
subclass non-final classes to get at "protected" methods and data.  So
the trick mostly works against accidental problems, not determined
attacks.)

--lars

More information about the Es4-discuss mailing list