Date: Mon, 17 Feb 2025 11:07:34 +0100
On 17.02.25 10:33, Amit via Std-Discussion wrote:
> C++ language has a big security hole.
Just one?
Jokes aside, C++ has lots of security issues, many of which are currently actively being worked on.
This one is not one of them.

The thing is that encapsulation using public/private is not supposed to be a security mechanism, but a tool for code organization. This is not even C++ specific. Many major languages allow access to private members by taking some detour or the other (in Python and JS access control is basically just a naming convention, in Java you can use reflection, etc.).

Being able to circumvent it in some way or another (with or without utilizing UB in the process) does not make it useless. It still helps to keep programs organized by keeping programmers from using the data or functions by accident or negligence.

> You can change the values of the
> private member variables directly by getting the pointer to the
> object. So, private member variables are actually not private, they
> are public. Below is the example code:
>
> --------------------------------------------------------------------------------
>
> #include <iostream>
>
> using namespace std;
>
> class MyClass
> {
>
>     private:
>         int i;
>         int j;
>
>     public:
>         MyClass(int a, int b)
>         {
>             i = a;
>             j = b;
>         }
>
>         void print_data()
>         {
>             cout << endl;
>             cout << "i = " << i << ", j = " << j;
>         }
>
> }; // end of class MyClass
>
> int main(void)
> {
>
>     MyClass myobj(1, 4);
>
>     myobj.print_data();
>
>     MyClass *m = &myobj;
>
>     int *i_ptr = (int *)(m);
>     int *j_ptr = i_ptr + 1;
>
>     *i_ptr = 10;
>     *j_ptr = 20;
>
>     myobj.print_data();
>
>     cout << endl << endl;
>
>     return 0;
>
> } // end of function main()
>
> --------------------------------------------------------------------------------
>
> The output is:
>
> i = 1, j = 4
> i = 10, j = 20
>
> So, you see that the values of the private member variables ('i' and
> 'j') were changed directly by using pointers. So, the 'private'
> keyword actually didn't serve its purpose.
>
> Regards,
> Amit
Received on 2025-02-17 10:07:37
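
Added example, not part of the original message or of either poster's code: it illustrates the reply's point that access control is a compile-time organization tool which leaves no trace in the object, and that the private members are reachable without the int* cast from the quoted program, using only memcpy on a trivially copyable type. Account, AccountPublic, read_balance and write_balance are hypothetical names chosen for this illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <type_traits>

// Constructed stand-in for MyClass from the quoted message: two private ints.
class Account {
    int id_;
    int balance_;
public:
    Account(int id, int balance) : id_(id), balance_(balance) {}
    int id() const { return id_; }
    int balance() const { return balance_; }
};

// Same members, all public; used only to compare layouts and take offsets.
struct AccountPublic {
    int id;
    int balance;
};

// 'private' is checked when names are looked up at compile time.
// The object itself is the same plain bytes either way.
static_assert(std::is_standard_layout<Account>::value, "standard layout");
static_assert(std::is_trivially_copyable<Account>::value, "trivially copyable");
static_assert(sizeof(Account) == sizeof(AccountPublic), "same size");

// Read the private balance by copying the object's bytes out.
int read_balance(const Account& a) {
    unsigned char bytes[sizeof(Account)];
    std::memcpy(bytes, &a, sizeof a);
    int value;
    std::memcpy(&value, bytes + offsetof(AccountPublic, balance), sizeof value);
    return value;
}

// Change the private balance by editing a byte copy and copying it back.
void write_balance(Account& a, int value) {
    unsigned char bytes[sizeof(Account)];
    std::memcpy(bytes, &a, sizeof a);
    std::memcpy(bytes + offsetof(AccountPublic, balance), &value, sizeof value);
    std::memcpy(&a, bytes, sizeof a);
}

int main() {
    Account a(1, 4);
    write_balance(a, 20);
    std::cout << "balance = " << a.balance() << '\n';
    return 0;
}
```

Any code running in the same process can do this, so an invariant or secret that must hold against untrusted code needs a boundary other than the private keyword.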