Hi --

On Thu, 10 Apr 2008, Hexren wrote:

> David A. Black wrote:
>> 
>> A writable attribute is different from a mutable object. You can't set
>> the attribute to a new object, but the read operation does expose the
>> object behind the attribute -- so if that object is mutable, you can
>> mutate it.
>
> And that doesnt sound strange to you ?

No, not at all. That's the way objects work. The question of what you
do to an object is completely separate from the question of whether a
given method returns that object.

> I see why the stuff is writable in a technical sense.
>
> However that is not changing my opinion: Something called "attr_reader :foo" 
> should not allow somebody to write to "private @foo".

The phrase "write to 'private @foo'" is a bit sprawling :-) You're
bundling two very different things -- the existence of a foo= method,
and the mutability of the object bound to @foo -- into one word
("writable"), and it really doesn't carry both of those connotations.

> And if it does make something writable it should say so in the api doc and 
> not hope that everybody catches that fact by glancing at the example in the 
> doc.

It's not something you have to catch; the behavior is absolutely in
conformity and compliance with the most basic rules of how Ruby
objects work.

> Which btw: is for the other case "writable=true".

If the docs said that attr_reader created a "writable" attribute, that
would be an error. It creates a readable attribute only. It's in the
nature of Ruby objects that once you've got hold of them, by whatever
means, you can send messages to them. The object doesn't "know" that
your access to it was through a method wrapped around an instance
variable to which it was bound.

There's definitely a vulnerability in this -- meaning, it pays to be
careful about which objects you expose, and how. (Paul Brannan first
pointed this out to me, as we were walking to a restaurant in Seattle
during RubyConf 2002, and apparently it made an impression :-) But the
read/write terminology is not about mutable objects. attr_reader
doesn't mean that the object is immutable, and attr_writer doesn't
mean that it isn't.


David

-- 
Rails training from David A. Black and Ruby Power and Light:
   ADVANCING WITH RAILS   April 14-17          New York City
   INTRO TO RAILS         June 9-12            Berlin
   ADVANCING WITH RAILS   June 16-19           Berlin
See http://www.rubypal.com for details and updates!