On Fri, 31 Aug 2001, Paul Brannan wrote: > On Fri, 31 Aug 2001, David Alan Black wrote: > > > Hello -- > > > > The part I don't get, as a general matter, is why #send gets to bypass > > the access rules. Of course #send itself is a public method. The > > weird part is that if it sends the name of a private method, that > > method acts public. > > Both dRb and ROMP use __send__ to pass messages from a socket to an > object. This is very convenient, but what it means is that in order for > access control to work properly, they would have to do their own checking > for whether a given method is public or private (and that means a decrease > in speed). Neither library does access checking before calling __send__, > so dRb authors must be careful to not put private or protected methods > into any objects that get published. > > As a test, I modified the stock drbs.rb that comes with dRb to have all > methods private, and the program still ran as expected. This is not > something that Ruby authors should have to worry about. It's good to know about though, since it seems to mean that access rules can be easily circumvented. Not that they are otherwise ironclad... but this behavior of #send did occasion, for me, a bit of (dare I say it?) surprise :-) David -- David Alan Black home: dblack / candle.superlink.net work: blackdav / shu.edu Web: http://pirate.shu.edu/~blackdav