A few questions and suggestions.

Thiago Silva tsilva at sourcecraft.info
Mon May 7 07:47:52 PDT 2007


Hello Lars,

On 5/7/07, Lars T Hansen <lth at acm.org> wrote:
> On 4/30/07, Thiago Silva <tsilva at sourcecraft.info> wrote:
>
> > *** Access control
> >
> > It is my understanding that access control will be implemented
> > using namespaces, as explained in:
> > http://developer.mozilla.org/es4/spec/chapter_9_classes.html#access_control_namespace_attributes
> >
> > So I ask: What about being able to define a namespace for an object's
> > property without using the class declaration?  What I'm really looking
> > for is a way to define access control without being forced to use the
> > new class declaration. For instance, something equivalent to:
> >
> > private o.foo = "bar" //property "foo" is defined as private
>
> Based on this and your previous message I think what you're suggesting
> is that lookup through "this" should somehow be privileged (more like
> "protected" than "private"), so that "external" lookups cannot see all
> the properties that "internal" lookups can.  Is that right?

Yes, that's right. I'm sorry about the poor example I gave.

> [...]
> (However, since packages can't be sealed it is still possible for the
> attacker to put new code into Bank, just like it's possible to
> subclass non-final classes to get at "protected" methods and data.  So
> the trick mostly works against accidental problems, not determined
> attacks.)
>

Yes, accidental problems are my big concern.
Thanks a lot for your examples.

-- 
Thiago Silva,
mailto: tsilva at sourcecraft.info
jabber: tsilva at jabber.org
http://sourcecraft.info/blog

