names [Was: Approach of new Object methods in ES5]
dherman at mozilla.com
Sat Apr 17 09:01:48 PDT 2010
> But I meant not only naming convention, but that by this naming
> convention this properties (symbols) will be hidden -- just like in
> Python, when "_" and "__" properties become unavailable outside...
You still haven't specified what "outside" means. What does get to see a hidden name and what doesn't?
> Then I have to see more examples.
1) Publishing private names ruins abstraction
Let's say you create a library and share it with some people. Then in version 2 of your library, you introduce a new feature, which uses an internal private property called "count". One of your clients figures out that you used this private name and writes a blog post saying "hey, if you want to figure out whether the library is greater than version 1, just look for a private member variable called 'count'!"
Now you have 100,000 clients depending on the fact that you have a private property called "count." You decide for version 3 that you'd rather call it "elementCount" but you can't get rid of the private name because your customers have already relied on it.
2) Publishing private names creates namespace pollution
Library A adds a private "count" property to some shared object.
Library B also adds a private "count" property to the same object.
They are both developed separately.
Now Client C wants to use both Library A and Library B. Let's arbitrarily say it adds A first, then B. Library B fails with an error because it tries to use the private "count" property, which it doesn't have access to because Library A already claimed it.
> And nevertheless, encapsulation in
> its main purpose -- is increasing of abstraction. But you're talking about
> already *security* hiding.
Absolutely not. What I'm talking about is abstraction, *not* security. The purpose of abstraction is to support modularity, i.e., to eliminate dependencies between separate units of modularity so that their implementations are free to change. If you publish your private names, you create a point of dependency between modules and make it harder to change code. None of this is talking about security.
Of course, publishing private names is bad for security as well!
More information about the es-discuss