    w = Widget.new                      # Create a Widget
    w.send :utility_method              # Invoke private method!
    w.instance_eval { utility_method }  # Another way to invoke it
    w.instance_eval { @x }              # Read instance variable of w

Looking at the example above, which refers to the Widget class (below), the send and instance_eval methods violate all the security measures provided by private and protected visibility. If so, then why bother with confidential and secure access in Ruby, since there is no guarantee that your definitions will be followed?

    class Widget
      def x                       # Accessor method for @x
        @x
      end
      protected :x                # Make it protected

      def utility_method          # Define a method
        nil
      end
      private :utility_method     # And make it private
    end

If you really want to protect instances of Widget, you can do this (and a bunch of other things; the code here is not a complete security solution, just indicative):

    class Widget
      def some_public_method
        # ...
      end

      private

      def utility_method
        # ...
      end

      def send(method, *args, &block)
        raise NotImplementedError.new('Widget is secure. Stop trying to hack me.')
      end

      def instance_eval(&block)
        raise NotImplementedError.new('Widget is secure. Stop trying to hack me.')
      end

      class <<self
        private

        def class_eval(&block)
          raise NotImplementedError.new('Widget is secure. Stop trying to hack me.')
        end
      end
    end

    Widget.freeze

, send - __ send __ ( , , "", , ), , . __ __ . , :

    class Widget
      def send(method, *args, &block)
        super
      end
      # and so on
    end

Ruby 1.9 : #send , __ send __ .
Java has reflection. C++ has pointers. Even Haskell has unsafePerformIO. If you want to protect your program, you need to protect it at the operating system level, without using a language.
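
Added example, not part of the original posts: a small audit that checks which reflective routes still reach a Widget's private method and instance variable after `send` and `instance_eval` are overridden as suggested above. The `reflection_audit` helper, the `AUDIT` constant, the route labels and the value of `@x` are constructed for illustration.

```ruby
# Constructed Widget, hardened the way the answer above suggests.
class Widget
  def initialize
    @x = 42 # constructed sample value
  end

  private def utility_method
    :private_result
  end

  def send(*)
    raise NotImplementedError, 'blocked'
  end

  def instance_eval(*)
    raise NotImplementedError, 'blocked'
  end
end
Widget.freeze

# Try each reflective route and record whether it still reaches private state.
# Hypothetical helper: the labels are ours, the calls are core Ruby methods.
def reflection_audit(obj)
  routes = {
    send:                  -> { obj.send(:utility_method) },
    instance_eval:         -> { obj.instance_eval { utility_method } },
    __send__:              -> { obj.__send__(:utility_method) },
    method_object:         -> { obj.method(:utility_method).call },
    rebound_send:          -> { Object.instance_method(:send).bind(obj).call(:utility_method) },
    instance_exec:         -> { obj.instance_exec { utility_method } },
    instance_variable_get: -> { obj.instance_variable_get(:@x) },
  }
  routes.transform_values do |route|
    begin
      { reached: true, value: route.call }
    rescue NotImplementedError, NoMethodError => e
      { reached: false, value: e.class }
    end
  end
end

AUDIT = reflection_audit(Widget.new)
AUDIT.each { |name, r| puts format('%-22s reached=%-5s %p', name, r[:reached], r[:value]) }
```

Only the two overridden entry points are blocked; every other route still returns the private result or the value of `@x`, which is why visibility keywords document an API rather than enforce a security boundary.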