Date: Mon, 17 Feb 2025 15:17:01 +0530
Well, I think that you are being defensive.
Please accept that this is a weakness of C++ because 'private' keyword is
basically useless.
You can say that its not allowed but you can't force it on anyone.
Hackers can take advantge of it. Bad people can take advantage of it.
Regards,
Amit
On Mon, Feb 17, 2025, 3:12 PM Bo Persson via Std-Discussion <
std-discussion_at_[hidden]> wrote:
> On mån 2025-02-17 at 10:33, Amit via Std-Discussion wrote:
> > C++ language has a big security hole. You can change the values of the
> > private member variables directly by getting the pointer to the
> > object. So, private member variables are actually not private, they
> > are public. Below is the example code:
> >
> >
> --------------------------------------------------------------------------------
> >
> > #include <iostream>
> >
> > using namespace std;
> >
> > class MyClass
> > {
> >
> > private:
> > int i;
> > int j;
> >
> > public:
> > MyClass(int a, int b)
> > {
> > i = a;
> > j = b;
> > }
> >
> > void print_data()
> > {
> > cout << endl;
> > cout << "i = " << i << ", j = " << j;
> > }
> >
> > }; // end of class MyClass
> >
> > int main(void)
> > {
> >
> > MyClass myobj(1, 4);
> >
> > myobj.print_data();
> >
> > MyClass *m = &myobj;
> >
> > int *i_ptr = (int *)(m);
> > int *j_ptr = i_ptr + 1;
> >
> > *i_ptr = 10;
> > *j_ptr = 2
> <https://www.google.com/maps/search/_ptr+%3D+2?entry=gmail&source=g>0;
> >
> > myobj.print_data();
> >
> > cout << endl << endl;
> >
> > return 0;
> >
> > } // end of function main()
> >
> >
> --------------------------------------------------------------------------------
> >
> > The output is:
> >
> > i = 1, j = 4
> > i = 10, j = 20
> >
> > So, you see that the values of the private member variables ('i' and
> > 'j') were changed directly by using pointers. So, the 'private'
> > keyword actually didn't serve its purpose.
> >
>
> You are not allowed to do that, the code is invalid.
>
> However, you can change myobj anyway by just assigning new values, like
>
> myobj = MyClass(10, 20);
>
> so not a big deal.
>
>
>
> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
Please accept that this is a weakness of C++ because 'private' keyword is
basically useless.
You can say that its not allowed but you can't force it on anyone.
Hackers can take advantge of it. Bad people can take advantage of it.
Regards,
Amit
On Mon, Feb 17, 2025, 3:12 PM Bo Persson via Std-Discussion <
std-discussion_at_[hidden]> wrote:
> On mån 2025-02-17 at 10:33, Amit via Std-Discussion wrote:
> > C++ language has a big security hole. You can change the values of the
> > private member variables directly by getting the pointer to the
> > object. So, private member variables are actually not private, they
> > are public. Below is the example code:
> >
> >
> --------------------------------------------------------------------------------
> >
> > #include <iostream>
> >
> > using namespace std;
> >
> > class MyClass
> > {
> >
> > private:
> > int i;
> > int j;
> >
> > public:
> > MyClass(int a, int b)
> > {
> > i = a;
> > j = b;
> > }
> >
> > void print_data()
> > {
> > cout << endl;
> > cout << "i = " << i << ", j = " << j;
> > }
> >
> > }; // end of class MyClass
> >
> > int main(void)
> > {
> >
> > MyClass myobj(1, 4);
> >
> > myobj.print_data();
> >
> > MyClass *m = &myobj;
> >
> > int *i_ptr = (int *)(m);
> > int *j_ptr = i_ptr + 1;
> >
> > *i_ptr = 10;
> > *j_ptr = 2
> <https://www.google.com/maps/search/_ptr+%3D+2?entry=gmail&source=g>0;
> >
> > myobj.print_data();
> >
> > cout << endl << endl;
> >
> > return 0;
> >
> > } // end of function main()
> >
> >
> --------------------------------------------------------------------------------
> >
> > The output is:
> >
> > i = 1, j = 4
> > i = 10, j = 20
> >
> > So, you see that the values of the private member variables ('i' and
> > 'j') were changed directly by using pointers. So, the 'private'
> > keyword actually didn't serve its purpose.
> >
>
> You are not allowed to do that, the code is invalid.
>
> However, you can change myobj anyway by just assigning new values, like
>
> myobj = MyClass(10, 20);
>
> so not a big deal.
>
>
>
> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
Received on 2025-02-17 09:47:15