Does variable privacy have anything to do with security, or is it just for easier programming?

I have been programming for many years, and I think I even understand the difference between public, private and protected for the most part, but are these names just misleading? Are these levels of visibility just there to keep us from stepping on our own toes? Many of the languages that I have programmed in do not seem to apply most of these rules, and I have never heard of a hacker breaking into a system because one of your variables was not marked as confidential.

I would like to know; this has bothered me for many years.

+4
3 answers

A hacker can access a private variable if they can correctly calculate the memory offsets. Not too complicated.

These access controls cover a wider and usually different class of errors. Better encapsulation simplifies code and simplifies reasoning, which clears the way for detecting other errors that are security issues. (That is, it indirectly helps security.)

Code that is harder to break on purpose is probably harder to break accidentally too :-)

+6

Access specifiers are a means of organizing source code, not a security feature.

Since class member variables are defined in your own code, they can be accessed in several ways (pointers, macros) regardless of access specifiers.

+2
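
What the first two answers describe, as an added C++ example that is not from any of the posters: a private field is rejected by the compiler when named directly, yet code in the same process can copy it out of the object's bytes once the offset is known. The `Account` and `Mirror` types, the helper names and the values are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <type_traits>

// Hypothetical class: both fields are private, so `acct.pin_` does not compile
// outside the class. That check exists only in the compiler, not at run time.
class Account {
public:
    Account(std::uint32_t id, std::uint32_t pin) : id_(id), pin_(pin) {}
    bool check(std::uint32_t guess) const { return guess == pin_; }
private:
    std::uint32_t id_;
    std::uint32_t pin_;
};

// Public struct with the same member types in the same order. Both types are
// standard-layout, so corresponding members sit at the same offsets.
struct Mirror {
    std::uint32_t id;
    std::uint32_t pin;
};
static_assert(std::is_standard_layout<Account>::value, "offset reasoning needs standard layout");
static_assert(std::is_trivially_copyable<Account>::value, "byte copies need trivially copyable");
static_assert(sizeof(Account) == sizeof(Mirror), "layouts must match");

// Copy sizeof(T) bytes out of the object at a byte offset. Inspecting an
// object's bytes through unsigned char is allowed for trivially copyable types.
template <typename T>
T read_at(const Account& a, std::size_t offset) {
    T out;
    std::memcpy(&out, reinterpret_cast<const unsigned char*>(&a) + offset, sizeof(T));
    return out;
}

// Reads the private pin_ field using the offset taken from the public mirror.
std::uint32_t read_private_pin(const Account& a) {
    return read_at<std::uint32_t>(a, offsetof(Mirror, pin));
}

int main() {
    Account acct(7, 4921);  // constructed sample values
    std::cout << "pin read without any accessor: " << read_private_pin(acct) << "\n";
    return 0;
}
```

A value that must stay hidden from other code needs a boundary that is enforced at run time, such as a separate process, rather than an access specifier.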

If you are creating a library for other users, you want to open the API and hide everything else. You don't need undocumented "features" everywhere. This can lead to all kinds of errors, and they, in turn, can create security holes.

Even if the code is not for someone else, it's easy enough to forget and trip yourself up by assigning something other than what you intended, or by thinking that a variable means one thing when it means another.

So, the short answer is that it’s just a programming convenience, but these programming aids can help you create more reliable and secure code.

+1

Source: https://habr.com/ru/post/1389258/

