Well, I don’t know how to play the piano and I never played the piano, and I wouldn’t presume to teach a pianist that they should rip out the black keys out of their piano because they are out of tune and a malicious actor can ruin the concerto.
And then wouldn’t play the victim when somebody points out that the problem is not that the black keys are there but it is rather security staff who is responsible for preventing access to the stage.

It’s not that we are trying to be condescending, believe me I’m trying really hard not to be.

But unfortunately, in all technical fields you need to have some level of technical expertise about the subject before you presume you can lecture on it.

You need to be this tall to ride, and unfortunately you are too short.

It’s not personal, it’s not an attack on you.
It’s just that you don’t have the technical knowledge required to understand things when we explain that to you.
It’s not a crime to not know things, you are not a worse person because of it. But we talk, you don’t understand, we are just talking past each other, and there’s no way to bridge that gap.

I’m sorry.


From: Std-Discussion <std-discussion-bounces_at_[hidden]> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 1:20 PM
To: mauro russo <ing.russomauro_at_[hidden]>
Cc: Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
Subject: Re: [std-discussion] C++ language has a big security hole.

I have seen this problem with many people on mailing lists. Without knowing anything about the other person, they think that the other person is a fool.

The same kind of thing happened with me few years ago and I challenged that person for a best of five chess games. And I said that if he wins then I will agree that he is smarter than me. But that person didn't even reply.

I have seen many people who think that they are smarter than other people but when you actually challenge them to prove their smatness then either they won't reply or they won't turn up.

Mocking someone is very easy. But proving your intelligence over others is very difficult.

I never assume that the other person is a fool. Who knows who is on the other end?

Regards,
Amit


On Mon, Feb 17, 2025, 4:51 PM mauro russo <ing.russomauro_at_[hidden]<mailto:ing.russomauro_at_[hidden]>> wrote:
guys,

it's not my role,
but keep calm :-)

Better not to shame anyone, about saying it's spam, or betting about age.

Amit, most of us guess that the subject is a bit unproper here, but anyway better to ask if this helps you.

C++ is not only OOP-oriented but also functional programming.
Anyway, let's not digress.

Hope you were convinced that the feature to force accessing private (which is a bad practice expect rare cases) is not a security issue.
Note also that old-style cast was to support retro-compatibility at that time with C.

Anyway, other people know better than me about history. I am just a user as you are :-)

Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <std-discussion_at_[hidden]<mailto:std-discussion_at_[hidden]>> ha scritto:
How do you know when I was born? I have seen many people on mailing lists who make assumptions without thinking much.

I was born before Microsoft was born.


Well, I had identified the private keyword flaw in 2004 but I didn't do anything about it.

I actually wouldn't have designed C++ this way where a key feature of the language can be rendered useless so easily.

But anyways, I don't program in C++ and will never program in C++ even if I am getting less salary in any other language.

I just don't like C++ because it is not a truly object oriented language. Friend functions break the whole object oriented concept. Besides, I think C++ is a complex language and good/expert programmers are hard to find.

Other than google, I know of few projects that failed because it was in C++, not many experts available in C++.

In fact I have always stopped moving my project(s) from C to C++.

I have also seen few projects that just used C++ to wrap C code.

Regards,
Amit




On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]<mailto:tmiguelf_at_[hidden]>> wrote:
What you are describing is known to every developer that is learning how to code, it has been there for over 30 years.
In fact, this is not exclusive to C++, it’s been a thing in programming since before you were born.

Wouldn’t you think if it was such a security risk as you claim, that developers wouldn’t have patch that by now?

Or is it rather more likely that we know something you don’t?



From: Amit <amitchoudhary0523_at_[hidden]<mailto:amitchoudhary0523_at_[hidden]>>
Sent: Monday, February 17, 2025 11:10 AM
To: Tiago Freire <tmiguelf_at_[hidden]<mailto:tmiguelf_at_[hidden]>>
Cc: std-discussion_at_[hidden]<mailto:std-discussion_at_[hidden]>; Jan Schultke <janschultke_at_[hidden]<mailto:janschultke_at_[hidden]>>
Subject: Re: [std-discussion] C++ language has a big security hole.

I don't know. I am not a hacker. I am just saying that may be hackers know or may be not.

But I can definitely mess up any object. So, data is not quite safe in C++ as it has been advertised.

"Private variables in a C++ class can't be accessed directly" is a very popular statement.

Regards,
Amit


On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]<mailto:tmiguelf_at_[hidden]>> wrote:
How?


From: Std-Discussion <std-discussion-bounces_at_[hidden]<mailto:std-discussion-bounces_at_[hidden]>> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 10:54 AM
To: Jan Schultke <janschultke_at_[hidden]<mailto:janschultke_at_[hidden]>>
Cc: Amit <amitchoudhary0523_at_[hidden]<mailto:amitchoudhary0523_at_[hidden]>>; std-discussion_at_[hidden]<mailto:std-discussion_at_[hidden]>
Subject: Re: [std-discussion] C++ language has a big security hole.

In all C++ object layouts, I have seen that members follow the previous one as in a C structure.

My main point is that hackers/bad people can take advantage of this.

Regards,
Amit


On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]<mailto:janschultke_at_[hidden]>> wrote:
Your code has undefined behavior because you cannot obtain your j_ptr
by doing i_ptr + 1. A past the end pointer is not a pointer to the
next member.

However, the example is correct without j_ptr. It is possible to
obtain a pointer to the first member of a standard-layout class such
as MyClass, even if that member is private.

I wouldn't really call it a security hole. The only way you will do
this in idiomatic C++ code is with reinterpret_cast, and
reinterpret_cast is a giant red flag which says "I'm an expert, I know
what I'm doing, and what I'm doing is potentially dangerous". This
never happens by accident.
--
Std-Discussion mailing list
Std-Discussion_at_[hidden]<mailto:Std-Discussion_at_[hidden]>
https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion