This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Java in General and the fly likes how can private provide security for variables Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "how can private provide security for variables" Watch "how can private provide security for variables" New topic
Author

how can private provide security for variables

raghu mrvreddy
Greenhorn

Joined: Nov 24, 2006
Posts: 7
hi
My friend was asked a question in google about private access modifiers.

question was :

if you have setters and getters methods for accessing private variables, how are you providing security for private variables if the client can set the private variable value using setter methods

in advance
Thanks
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

I didn't think I was providing security when I did that. But I might have been; it depends on what you mean by "security" there.
Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
indeed.
There is a strong school of thought that says you shouldn't generally have setters at all, just getters, and set every field through the constructor only (essentially making as many objects immutable as possible).

You could say you're providing the option of increased security when using setters as you can write them to provide for example validation (or even authorisation), though you certainly don't have to.


42
Ådne Brunborg
Ranch Hand

Joined: Aug 05, 2005
Posts: 208
In a setter, it is really easy to add data verification, e.g.


Maybe, by "providing security", Raghuveer was referring to something like this?


Entia non sunt multiplicanda praeter necessitatem
David McCombs
Ranch Hand

Joined: Oct 17, 2006
Posts: 212
Encapsulation is what is provided by OOP, not security. I suspect what you mean is encapsulation.

Making an object immutable is no different security-wise, or encapsulation-wise then having mutators. Whether you are passing data through a constructor gains no "security" benefits over passing it to a mutator. There are plenty of benefits to using immutable classes but are related to performance and memory usage.


"Should array indices start at 0 or 1? My compromise of 0.5 was rejected without, I thought, proper consideration."- Stan Kelly-Bootle
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
Well, that would depend on your definition of security. If I define it as "I instantiate an object and I want to prevent you from changing it" then immutable is more secure than a setter. If I mean "I want to let you change it within some domain of values" then a setter with validation is more secure than a public variable. And if I mean "I don't want you to know this variable even exists" ... what implementation would you choose?


A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how can private provide security for variables
 
Similar Threads
private constructor
encapsulation philosophy
package problem
Question No.36 from Javacaps
private(?) writeObject/readObject