On Fri, Apr 12, 2002 at 02:05:09AM +0900, Sean Middleditch wrote:
> On Thu, 2002-04-11 at 12:59, ts wrote:
> > >>>>> "S" == Sean Middleditch <elanthis / awesomeplay.com> writes:
> > 
> > S> Ah, I see.  ^,^  So, then, is this a "security bug" in Ruby, or by
> > 
> >  not a security bug
> 
> Well, if you cannot operate on the object normally, and eval() does let
> you operate on it, then does that not circumvent the protection scheme,
> which is a "security bug."  (Note the quotes.)

Ruby's protection scheme is not intended to procted the encapsulated
data from all "wrong" access.  This is true of many object oriented
langauages.  Private data is just mostly private. Note that you can also
access private/protected methods using send. Access using send or eval
may indicate that you might wish to redesign your objects, but may
just be a one time need.

Note that C++ has the friend keyword that does something similiar. Its
just with ruby you always have friends ;).  Last time I looked, Python had 
a similiar "security bug" via __dict__.

-- 
Alan Chen
Digikata LLC
http://digikata.com