Is public by default an unsafe default?

Bastiaan Veelo Bastiaan at Veelo.net
Thu May 2 17:22:25 UTC 2024


On Thursday, 2 May 2024 at 08:05:32 UTC, NotYouAgain wrote:
> I was of course referring to APIs in the sense that 'safety' 
> extends to more than just memory safety. I'm sure you would 
> agree here.
>
> In any case, the abstract notion of safety was the inherent 
> topic for this discussion, not memory safety.
>
> So referring back to the Subject: "Is public by default an 
> unsafe default?"

No.

> I'd have to say yes, it is, because the surface for accidents 
> (and attacks) is bigger than what it would otherwise have been.

For attacks definitely not.

There is nothing that a systems-level programming language can do 
to prevent a creative programmer from accessing the private parts 
of an API (we are not talking about web APIs). Just mirror the 
data definition with the `private` keyword removed, and cast the 
instance to the new definition. With D's introspection 
capabilities it is even easier than that.

So accessibility attributes have nothing to do with security; 
they are simply a means to manage binary compatibility between 
different releases of a library and as an aid to reason about 
code (assuming you have no one in your team doing tricks like the 
above).

Believing that accessibility attributes have any significance 
regarding security is dangerous.

-- Bastiaan.
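
The mirror-the-definition technique described in the message above, as an added example that is not part of the original post: it is written in C++ rather than D because D's `private` is scoped to the module and cannot be shown in one file, and it uses `memcpy` between layout-identical types instead of a pointer cast. `Account`, `AccountMirror` and both helper functions are hypothetical names.

```cpp
#include <cstdint>
#include <cstring>
#include <type_traits>

// Hypothetical library type: the balance is meant to change only via deposit().
class Account {
public:
    Account(std::uint32_t id, std::int64_t balance) : id_(id), balance_(balance) {}
    std::uint32_t id() const { return id_; }
    std::int64_t balance() const { return balance_; }
    void deposit(std::int64_t amount) { if (amount > 0) balance_ += amount; }
private:
    std::uint32_t id_;
    std::int64_t  balance_;
};

// Caller-side mirror: same members, same order, `private` removed.
struct AccountMirror {
    std::uint32_t id;
    std::int64_t  balance;
};

// The mirror only works while the layouts agree; the compiler checks that here.
static_assert(std::is_standard_layout<Account>::value &&
              std::is_standard_layout<AccountMirror>::value, "layout must be predictable");
static_assert(std::is_trivially_copyable<Account>::value, "bytes must be copyable");
static_assert(sizeof(Account) == sizeof(AccountMirror), "mirror must match in size");

// Read a private field without going through the accessor.
std::int64_t read_private_balance(const Account& a) {
    AccountMirror m;
    std::memcpy(&m, &a, sizeof m);
    return m.balance;
}

// Break the "deposits only" invariant that `private` appeared to enforce.
void overwrite_private_balance(Account& a, std::int64_t value) {
    AccountMirror m;
    std::memcpy(&m, &a, sizeof m);
    m.balance = value;
    std::memcpy(&a, &m, sizeof m);
}

int main() {
    Account acct(7, 100);                 // constructed sample values
    overwrite_private_balance(acct, -1);  // deposit() would have rejected this
    return (acct.balance() == -1 && read_private_balance(acct) == -1) ? 0 : 1;
}
```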


More information about the Digitalmars-d mailing list