* Is there any approach to define "private" vars in GOOPS?
@ 2011-03-09 2:37 nalaginrut
2011-03-09 8:46 ` Neil Jerram
0 siblings, 1 reply; 7+ messages in thread
From: nalaginrut @ 2011-03-09 2:37 UTC (permalink / raw)
To: Guile
hi all!
I got a question. Is there any approach to define a "private"
vars/methods in the GOOPS? Or it's impossible? I didn't find any
"private" info in the GOOPS manual.
--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Is there any approach to define "private" vars in GOOPS?
2011-03-09 2:37 Is there any approach to define "private" vars in GOOPS? nalaginrut
@ 2011-03-09 8:46 ` Neil Jerram
2011-03-09 9:27 ` nalaginrut
2011-03-09 9:46 ` Mark H Weaver
0 siblings, 2 replies; 7+ messages in thread
From: Neil Jerram @ 2011-03-09 8:46 UTC (permalink / raw)
To: NalaGinrut; +Cc: Guile
nalaginrut <nalaginrut@gmail.com> writes:
> hi all!
> I got a question. Is there any approach to define a "private"
> vars/methods in the GOOPS? Or it's impossible? I didn't find any
> "private" info in the GOOPS manual.
Hi there!
In Guile, the visibility of identifiers - including any functions you've
defined to get and set GOOPS slots - is controlled by the module system,
and is completely orthogonal to anything specific to GOOPS.
However, the module system can't prevent any code from doing
(slot-ref obj 'some-slot-that-should-be-private)
once it has OBJ, and knows that OBJ has a slot named
some-slot-that-should-be-private.
(In effect because slot names live in a different namespace from that of
identifiers, and which isn't connected to the module system.)
If you can determine at runtime whether or not any given slot access is
allowed - perhaps based on (current-module) - it should be possible to
enforce this by defining a new kind of slot #:allocation and putting
that runtime check in the #:slot-ref function.
Regards,
Neil
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: Is there any approach to define "private" vars in GOOPS?
2011-03-09 8:46 ` Neil Jerram
@ 2011-03-09 9:27 ` nalaginrut
2011-03-09 9:37 ` nalaginrut
2011-03-09 9:46 ` Mark H Weaver
1 sibling, 1 reply; 7+ messages in thread
From: nalaginrut @ 2011-03-09 9:27 UTC (permalink / raw)
To: Neil Jerram; +Cc: Guile
> If you can determine at runtime whether or not any given slot access is
> allowed - perhaps based on (current-module) - it should be possible to
> enforce this by defining a new kind of slot #:allocation and putting
> that runtime check in the #:slot-ref function.
>
> Regards,
> Neil
Thanks for your answer :-)
But I think a new kind of slot allocation seems not easy.
For example. If I got a class "player", and assume we've already defined
a new kind allocation, say, #:allocation #:private.
===============================
(define-class <player> ()
......
(score #:init-value 0 #:allocation #:private)
......)
=====
I don't want somebody change "score" except calling a method to compute
his real score.
And I have a method to update player's score:
=====
(define-method (score-update (player <player>))
...
(slot-set! (slot-ref player 'score) newscore)
... )
========================
The problem is how to check the scope of "score" from "score-update".
I've no idea because the definition of "score-update" is actually out of
the class definition.
Can I get some advice about the topic "how to hide the critical
property"? Or maybe I have some misunderstandings?
--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Is there any approach to define "private" vars in GOOPS?
2011-03-09 9:27 ` nalaginrut
@ 2011-03-09 9:37 ` nalaginrut
2011-03-09 22:19 ` Andy Wingo
2011-04-01 22:55 ` Neil Jerram
0 siblings, 2 replies; 7+ messages in thread
From: nalaginrut @ 2011-03-09 9:37 UTC (permalink / raw)
To: Neil Jerram; +Cc: Guile
> > If you can determine at runtime whether or not any given slot access is
> > allowed - perhaps based on (current-module) - it should be possible to
> > enforce this by defining a new kind of slot #:allocation and putting
> > that runtime check in the #:slot-ref function.
> >
> > Regards,
> > Neil
>
> Thanks for your answer :-)
> But I think a new kind of slot allocation seems not easy.
> For example. If I got a class "player", and assume we've already defined
> a new kind allocation, say, #:allocation #:private.
> ===============================
> (define-class <player> ()
> ......
> (score #:init-value 0 #:allocation #:private)
> ......)
> =====
> I don't want somebody change "score" except calling a method to compute
> his real score.
> And I have a method to update player's score:
> =====
> (define-method (score-update (player <player>))
> ...
> (slot-set! (slot-ref player 'score) newscore)
> ... )
> ========================
> The problem is how to check the scope of "score" from "score-update".
> I've no idea because the definition of "score-update" is actually out of
> the class definition.
>
> Can I get some advice about the topic "how to hide the critical
> property"? Or maybe I have some misunderstandings?
>
Sorry I think the "update score" is a fake problem. It can be solved by
#:allocation #:virtual.
But I still want to talk this topic: "How to hide the critical
property?"
--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Is there any approach to define "private" vars in GOOPS?
2011-03-09 9:37 ` nalaginrut
@ 2011-03-09 22:19 ` Andy Wingo
2011-04-01 22:55 ` Neil Jerram
1 sibling, 0 replies; 7+ messages in thread
From: Andy Wingo @ 2011-03-09 22:19 UTC (permalink / raw)
To: NalaGinrut; +Cc: Guile, Neil Jerram
On Wed 09 Mar 2011 10:37, nalaginrut <nalaginrut@gmail.com> writes:
> But I still want to talk this topic: "How to hide the critical
> property?"
I don't know what the GOOPS / CLOS answer is to this, but more
generally, you might enjoy the following paper:
http://mumble.net/~jar/pubs/secureos/
Regards,
Andy
--
http://wingolog.org/
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Is there any approach to define "private" vars in GOOPS?
2011-03-09 9:37 ` nalaginrut
2011-03-09 22:19 ` Andy Wingo
@ 2011-04-01 22:55 ` Neil Jerram
1 sibling, 0 replies; 7+ messages in thread
From: Neil Jerram @ 2011-04-01 22:55 UTC (permalink / raw)
To: NalaGinrut; +Cc: Guile
nalaginrut <nalaginrut@gmail.com> writes:
> Sorry I think the "update score" is a fake problem. It can be solved by
> #:allocation #:virtual.
> But I still want to talk this topic: "How to hide the critical
> property?"
With apologies for the late reply...
I guess something like this (untested):
(define valid-score-update #f)
(define slot-setter-if-valid-scope #f)
(let ((valid-scope #f))
(set! valid-score-update
(lambda (player newscore)
(set! valid-scope #t)
(slot-set! player 'score newscore)
(set! valid-scope #f)))
(set! slot-setter-if-valid-scope
(lambda (obj new-val)
(or valid-scope
(error "Not in valid scope!"))
(set! (score obj) new-val))))
Then use `valid-score-update' in the definition of the score-update
method, and `slot-setter-if-valid-scope' as the #:slot-set! option of
your virtual 'score slot.
I've assumed that (score obj) provides the real underlying storage for
the virtual slot; it could be a (make-object-property), for example.
Unfortunately I'd say this adds up to an over-contrived solution; but
hopefully it's still useful to show how it _could_ be done.
Regards,
Neil
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Is there any approach to define "private" vars in GOOPS?
2011-03-09 8:46 ` Neil Jerram
2011-03-09 9:27 ` nalaginrut
@ 2011-03-09 9:46 ` Mark H Weaver
1 sibling, 0 replies; 7+ messages in thread
From: Mark H Weaver @ 2011-03-09 9:46 UTC (permalink / raw)
To: NalaGinrut; +Cc: Guile
There is another approach (probably overkill) to storing private
attributes of GOOPS objects, or any other Scheme object for that matter:
Weak-key hash tables, documented in section 6.18.3.1 of the manual.
A nice high-level interface for using them is `make-object-property'.
However, it should be noted that Guile doesn't attempt to enforce strong
security barriers within a single process. Even non-exported interfaces
in a module can be accessed from outside using the (@@ MODULE VAR)
syntax (section 6.19.2).
Best,
Mark
Neil Jerram <neil@ossau.uklinux.net> writes:
> However, the module system can't prevent any code from doing
>
> (slot-ref obj 'some-slot-that-should-be-private)
>
> once it has OBJ, and knows that OBJ has a slot named
> some-slot-that-should-be-private.
>
> (In effect because slot names live in a different namespace from that of
> identifiers, and which isn't connected to the module system.)
>
> If you can determine at runtime whether or not any given slot access is
> allowed - perhaps based on (current-module) - it should be possible to
> enforce this by defining a new kind of slot #:allocation and putting
> that runtime check in the #:slot-ref function.
>
> Regards,
> Neil
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2011-04-01 22:55 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-09 2:37 Is there any approach to define "private" vars in GOOPS? nalaginrut
2011-03-09 8:46 ` Neil Jerram
2011-03-09 9:27 ` nalaginrut
2011-03-09 9:37 ` nalaginrut
2011-03-09 22:19 ` Andy Wingo
2011-04-01 22:55 ` Neil Jerram
2011-03-09 9:46 ` Mark H Weaver
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).