A few questions and suggestions.
Thiago Silva
tsilva at sourcecraft.info
Mon May 7 07:47:52 PDT 2007
Hello Lars,
On 5/7/07, Lars T Hansen <lth at acm.org> wrote:
> On 4/30/07, Thiago Silva <tsilva at sourcecraft.info> wrote:
>
> > *** Access control
> >
> > It is of my understanding that access control will be implemented
> > using namespaces, as explained in:
> > http://developer.mozilla.org/es4/spec/chapter_9_classes.html#access_control_namespace_attributes
> >
> > So I ask: What about being able to define a namespace for an object's
> > property without using the class declaration? What I'm really looking
> > for is a way to define access control without being forced to use the
> > new class declaration. For instance, something equivalent to:
> >
> > private o.foo = "bar" //property "foo" is defined as private
>
> Based on this and your previous message I think what you're suggesting
> is that lookup though "this" should somehow be privileged (more like
> "protected" than "private"), so that "external" lookups cannot see all
> the properties that "internal" lookups can. Is that right?
Yes, that's right. I'm sorry about the poor example I gave.
> [...]
> (However, since packages can't be sealed it is still possible for the
> attacker to put new code into Bank, just like it's possible to
> subclass non-final classes to get at "protected" methods and data. So
> the trick mostly works against accidental problems, not determined
> attacks.)
>
Yes, accidental problems are my big concern.
Thanks a lot for your examples.
--
Thiago Silva,
mailto: tsilva at sourcecraft.info
jabber: tsilva at jabber.org
http://sourcecraft.info/blog
More information about the Es4-discuss
mailing list