guys,

it's not my role,
but keep calm :-)

Better not to shame anyone, about saying it's spam, or betting about age.

Amit, most of us guess that the subject is a bit unproper here, but anyway better to ask if this helps you.

C++ is not only OOP-oriented but also functional programming.
Anyway, let's not digress.

Hope you were convinced that the feature to force accessing private (which is a bad practice expect rare cases) is not a security issue.
Note also that old-style cast was to support retro-compatibility at that time with C.

Anyway, other people know better than me about history. I am just a user as you are :-)

Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <std-discussion@lists.isocpp.org> ha scritto:
How do you know when I was born? I have seen many people on mailing lists who make assumptions without thinking much.

I was born before Microsoft was born.


Well, I had identified the private keyword flaw in 2004 but I didn't do anything about it.

I actually wouldn't have designed C++ this way where a key feature of the language can be rendered useless so easily.

But anyways, I don't program in C++ and will never program in C++ even if I am getting less salary in any other language.

I just don't like C++ because it is not a truly object oriented language. Friend functions break the whole object oriented concept. Besides, I think C++ is a complex language and good/expert programmers are hard to find.

Other than google, I know of few projects that failed because it was in C++, not many experts available in C++.

In fact I have always stopped moving my project(s) from C to C++.

I have also seen few projects that just used C++ to wrap C code.

Regards,
Amit




On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf@hotmail.com> wrote:

What you are describing is known to every developer that is learning how to code, it has been there for over 30 years.

In fact, this is not exclusive to C++, it’s been a thing in programming since before you were born.

 

Wouldn’t you think if it was such a security risk as you claim, that developers wouldn’t have patch that by now?

 

Or is it rather more likely that we know something you don’t?

                                                                      

 

 

From: Amit <amitchoudhary0523@gmail.com>
Sent: Monday, February 17, 2025 11:10 AM
To: Tiago Freire <tmiguelf@hotmail.com>
Cc: std-discussion@lists.isocpp.org; Jan Schultke <janschultke@googlemail.com>
Subject: Re: [std-discussion] C++ language has a big security hole.

 

I don't know. I am not a hacker. I am just saying that may be hackers know or may be not.

 

But I can definitely mess up any object. So, data is not quite safe in C++ as it has been advertised.

 

"Private variables in a C++ class can't be accessed directly" is a very popular statement.

 

Regards,

Amit

 

 

On Mon, Feb 17, 2025, 3:29PM Tiago Freire <tmiguelf@hotmail.com> wrote:

How?

 

 

From: Std-Discussion <std-discussion-bounces@lists.isocpp.org> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 10:54 AM
To: Jan Schultke <janschultke@googlemail.com>
Cc: Amit <amitchoudhary0523@gmail.com>; std-discussion@lists.isocpp.org
Subject: Re: [std-discussion] C++ language has a big security hole.

 

In all C++ object layouts, I have seen that members follow the previous one as in a C structure.

 

My main point is that hackers/bad people can take advantage of this.

 

Regards,

Amit

 

 

On Mon, Feb 17, 2025, 3:17PM Jan Schultke <janschultke@googlemail.com> wrote:

Your code has undefined behavior because you cannot obtain your j_ptr
by doing i_ptr + 1. A past the end pointer is not a pointer to the
next member.

However, the example is correct without j_ptr. It is possible to
obtain a pointer to the first member of a standard-layout class such
as MyClass, even if that member is private.

I wouldn't really call it a security hole. The only way you will do
this in idiomatic C++ code is with reinterpret_cast, and
reinterpret_cast is a giant red flag which says "I'm an expert, I know
what I'm doing, and what I'm doing is potentially dangerous". This
never happens by accident.

--
Std-Discussion mailing list
Std-Discussion@lists.isocpp.org
https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion