Underscore data hiding (was python development practices?)

[Martijn Faassen]

Paul Rubin <phr-n2001d at nightsong.com> wrote:
> m.faassen at vet.uu.nl (Martijn Faassen) writes:
>> Data hiding isn't there to prevent evil programmers from doing evil
>> things anyway; it's there to communicate intent and to prevent people
>> from tripping over problems. 

> That's true a lot of the time, but it's not universally true.  In java
> for example, data hiding is definitely intended to thwart evil
> programmers, and any failure of the data hiding is considered a
> security bug requiring an immediate patch.  The closest Python has to
> that is the rexec mechanism.  I'd like it a lot if Python extended
> such protection to private instance variables.

Well, I see this as a different mechanism. I don't see data hiding itself
as a security mechanism; it is an abstraction mechanism. I realize Java
combines the two, but Python doesn't.

Zope's through the web security model for instance features security
rather separate from data hiding; you can't access attributes that 
start with an underscore in through the web code. Other attributes can
be private or public depending on security declarations (besides the
brokeness that methods without docstring will automatically be considered
private).

I think there's an advantage in having your security infrastructure be
separate from your data hiding mechanism; it leads to less programmer
overhead in the abundant cases where such strict security is not necessary.
It also leaves one up to devise ones own security system that is more
suited to the needs at hand.

Regards,

Martijn
-- 
History of the 20th Century: WW1, WW2, WW3?
No, WWW -- Could we be going in the right direction?