Private data

Steven D'Aprano steve at REMOVE.THIS.cybersource.com.au
Sun Mar 18 08:06:34 EDT 2007 

On Sat, 17 Mar 2007 09:31:01 -0700, Dustan wrote:

> http://dustangroups.googlepages.com/privateattributesinpython
> 
> This is something that I just threw together this morning, after a
> eureka moment. It's a way of creating private class attributes and
> static function variables (I'm not 100% sure if that's the correct
> terminology, but you get what I mean). I haven't tried to create
> private instance attributes, mainly because it would just be too
> difficult, and it would be awful syntax. I'm not considering actually
> using this, but I do have a couple questions about it.
> 
> 1. Has anyone else ever come up with something like this? I can't
> imagine I'm the only person who's ever thought of this.

I've never seen anything like this before, but then I haven't gone looking
for anything like this.



> 2. Is it possible to hack into something like this? ie, would it be
> possible to see and change these variables from client code (assuming
> the data manager has been properly removed from sight, as shown on the
> last line of class block TestPrivateClassAttributes)?

Yes.

First, an example of the code in action.

>>> import PrivateAttributes
>>> obj = PrivateAttributes.TestPrivateClassAttributes()
>>> obj.getNumInstances()
1
>>> another = PrivateAttributes.TestPrivateClassAttributes()
>>> obj.getNumInstances()
2
>>> athird = PrivateAttributes.TestPrivateClassAttributes()
>>> athird.getNumInstances()
3

The getNumInstances method reports the number of instances of the
PrivateAttributes class. There's no obvious class attribute where this
count is being kept:

>>> obj.__class__.__dict__.keys()
['__module__', 'getNumInstances', '__dict__', '__weakref__', '__doc__',
'__init__']


Here's how to hack it, and make it report wrong numbers.

>>> c = obj.getNumInstances.func_closure
>>> c[1].cell_contents.numInstances = -300
>>> 
>>> athird.getNumInstances()
-300
>>> afourth = PrivateAttributes.TestPrivateClassAttributes()
>>> athird.getNumInstances()
-299

So yes, it is absolutely hackable.

Now, I'm hardly a Python guru, but in about fifteen minutes I followed the
trail through the object chain, and found how to hack this. An real guru
would probably do it in three minutes.

I was helped a bit by having the source code. But even without the source
code, I reckon I could have done it in an hour or so, if I was motivated
enough. All the tools you need are a Python interactive session, the dir()
function and the dis module.



-- 
Steven

More information about the Python-list mailing list