Python: Access Control

Python: Access Control

• 1.
  Access Control Damian Gordon
• 2.
  Access Control • Inmost other object-orientated programming languages, methods and attributes of an object can be classified as: – PRIVATE: Meaning only the object can access it. – PROTECTED: Meaning only that class and sub-classes can access it. – PUBLIC: Meaning any other object can access it.
• 3.
  Access Control • Inmost other object-orientated programming languages, methods and attributes of an object can be classified as: – PRIVATE: Meaning only the object can access it. – PROTECTED: Meaning only that class and sub-classes can access it. – PUBLIC: Meaning any other object can access it.
• 4.
  Access Control • Pythondoesn’t work like that! • If want to make a method or attribute private, the easiest way of doing it is to add a comment in the docstrings at the start of the class indicating which methods or attributes are for internal use only.
• 5.
  Access Control • Nonetheless,by convention, if we prefix a method or attribute with a single underscore ( _ ) we are telling everyone that this method or attribute should not be used by other objects except in the most dire circumstances. • But there is nothing in the interpreter to stop external objects from access a method or attribute with an underscore ( _ ).
• 6.
  Access Control • Nonetheless,by convention, if we prefix a method or attribute with a single underscore ( _ ) we are telling everyone that this method or attribute should not be used by other objects except in the most dire circumstances. • But there is nothing in the interpreter to stop external objects from access a method or attribute with an underscore ( _ ).
• 7.
  Access Control • Ifwe want to more strongly suggest that the methods or attributes are for internal use only we can use a double- underscore ( _ _ ) which means Python will try a little harder to make it private, but still… • Let’s look at an example:
• 8.
  Access Control class SecretString: ‘‘‘Anot-at-all secure way to store a secret string.’’’ def __init__(self, plain_string, pass_phrase): self.__plain_string = plain_string self.__pass_phrase = pass_phrase # End __init__ Continued 
• 9.
  Access Control def decrypt(self,pass_phrase): '''Only show the string if the pass_phrase is correct.''' if pass_phrase == self.__pass_phrase: # THEN return self.__plain_string else: return '' # Endif; # End decrypt. # End Class.  Continued
• 10.
  Access Control >>> secret_string= SecretString("ACME: Top Secret", “secretpass") >>> print(secret_string.decrypt("secretpass")) ACME: Top Secret
• 11.
  Access Control >>> print(secret_string.__plain_string) Traceback(most recent call last): File "<pyshell#9>", line 1, in <module> print(secret_string.__plain_string) AttributeError: 'SecretString' object has no attribute '__plain_string‘ >>> print(secret_string.plain_string) Traceback (most recent call last): File "<pyshell#10>", line 1, in <module> print(secret_string.plain_string) AttributeError: 'SecretString' object has no attribute 'plain_string'
• 12.
  Access Control >>> print(secret_string._SecretString__plain_string) ACME: Top Secret BUT:
• 13.
  Access Control • OK,so the double underscore won’t 100% guarantee that a method or attribute can’t be accessed by another class, but it does make it more awkward: secret_string._SecretString_ _plain_string • And should be sufficient to discourage other programmers for using objects you wish to keep internal.
• 14.
  etc.