# Enscapulation in Python 

### What is Encapsulation?

Ensapsulation is one of the four fundamental OOP concepts. The other three are inheritance, polymorphism, and abstraction.

Encapsulation is the technique of making the fields in a class private and providing access to the fields via public methods. It is a protective barrier that keeps the data safe within the class and hides the data from the outside world.

### python encapsulation is not strict as in other languages like Java, C++ etc.
##### three methods of encapusolation in python
- 1.Access modifiers(__private, _protected, public(bysdefault))
- 2.Using Getters and Setters 
- 3.Using property() function or decorators


# Access Modifiers

In [1]:
# Public class for the node
class Node:
    def __init__(self, data):
        self.data = data
        self.next = None

# we can access the node class by creating an object of the class
node = Node(10)
print(node.data)

10


In [3]:
# make protected class 
class Node:
    def __init__(self, data):
        self._data = data
        self._next = None
        # these are only accessible within the classes (parent and child classes) and not outside the class
        # we can access them by creating an object of the class
class B(Node):
    # Accessing the parent calss protected members 
    def __init__(self, data):
        Node.__init__(self, data)
        print("Protected member of the parent class: ", self._data)
b = B(20)
print(b._data) # we can't access the protected member outside the class


Protected member of the parent class:  20
20


In [7]:
# Private class 
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
obj = A("John", 1000)
print(f'Name: {obj.name}', f'Balance: {obj.__balance}') # we can't access the private member outside the class

AttributeError: 'A' object has no attribute '__balance'

In [9]:
# Private class 
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
    def display(self):
        print(f'Name: {self.name}', f'Balance: {self.__balance}') # here we giving self access to the private member
obj = A("John", 1000)
print(obj.display()) # we can't access the private member outside the class

Name: John Balance: 1000
None


In [15]:
# Private class 
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
    def get_balance(self):
        if self.name == "Babar":
            return self.__balance
        return "Not allowed"
obj = A("Babar", 1000)
print(f'Name : {obj.name}', f'Balance: {obj.get_balance()}') # we can't access the private member outside the class


Name : Baba Balance: Not allowed


In [16]:
# Private class 
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
    def get_balance(self):
        if self.name == "Babar":
            return self.__balance
        return "Not allowed"
obj = A("ali", 1000)
print(f'Name : {obj.name}', f'Balance: {obj.get_balance()}') # we can't access the private member outside the class


Name : ali Balance: Not allowed


In [18]:
# Private class 
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
    def get_balance(self):
        if self.name == "Babar":
            return self.__balance
        return "Not allowed"
obj = A("ali", 1000)
print(f'Name : {obj.name}', f'Balance: {obj.get_balance()}') # we can't access the private member outside the class

# but we can access the private member by using the name mangling 
print(obj._A__balance) # we can't access the private member outside the class

Name : ali Balance: Not allowed
1000


In [19]:
# now using Getter and Setter methods
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
    def get_balance(self):
        if self.name == "Babar":
            return self.__balance
        return "Not allowed"
    def set_balance(self, balance):
        self.__balance = balance
obj = A("Babar", 1000)
print(f'Name : {obj.name}', f'Balance: {obj.get_balance()}') # we can't access the private member outside the class

Name : Babar Balance: 1000


In [20]:
# using proerty decorator
class A:
    def __init__(self,name,balance):
        self.name = name            # public member
        self.__balance = balance   # private member
    @property
    def balance(self):
        return self.__balance
    @balance.setter
    def balance(self, balance):
        self.__balance = balance
obj = A("Babar", 1000)
print(f'Name : {obj.name}', f'Balance: {obj.balance}') # we can't access the private member outside the class

Name : Babar Balance: 1000


**Name mangling** is a mechanism in Python used to make class attributes more secure and to avoid accidental overriding when a class is inherited. It’s a way Python internally changes the name of a variable or method to make it harder to access them from outside the class, especially for **private** members.

### **How Name Mangling Works**:
- When you define an attribute or method with **double underscores** (`__`) at the beginning of its name in a class, Python automatically modifies its name by adding the class name as a prefix. This makes it harder to access that attribute or method from outside the class, simulating private access.
- This name mangling is done internally by Python to prevent accidental access to these variables, especially in the case of inheritance where the subclass might accidentally override the private attributes.

### **Why Use Name Mangling?**
- To create **pseudo-private** attributes in Python. Although Python doesn't enforce strict private variables like other languages (e.g., C++ or Java), name mangling provides a level of protection from unintended access or modification.
- It helps **avoid accidental conflicts** with names in subclasses when inheritance is involved.

---

### **How to Use Name Mangling (Private Members)**:
- To declare a **private** attribute or method, you start its name with **two underscores** (`__`).

Example:

```python
class Test:
    def __init__(self):
        self.__private_variable = "This is private"

    def __private_method(self):
        print("This is a private method")

    def public_method(self):
        print(self.__private_variable)
        self.__private_method()

# Create an object of Test class
obj = Test()

# Accessing private members directly (will fail)
# print(obj.__private_variable)  # Raises AttributeError

# Calling the public method to access private members indirectly (works)
obj.public_method()

# Accessing private members via name mangling
print(obj._Test__private_variable)  # This works (This is private)
```

**Explanation**:
- `__private_variable` is name-mangled to `_Test__private_variable` internally.
- Directly accessing `__private_variable` or `__private_method` will raise an `AttributeError`.
- However, you can still access it using the mangled name `_Test__private_variable`, but it's discouraged because it goes against the principle of encapsulation.

---

### **Key Points**:
1. **Name Mangling**: Adds a class-specific prefix (e.g., `_ClassName`) to attributes or methods that start with double underscores (`__`).
2. **Purpose**: Prevent accidental access or modification of private attributes, especially in the context of inheritance.
3. **Access**: You can still access these attributes using their mangled name, but it’s considered bad practice.

Name mangling is a feature that enhances encapsulation in Python, providing a way to protect class members while allowing flexibility when absolutely necessary.

You're right in observing that **name mangling** is not a fully secure way to protect class attributes in Python—it simply discourages casual access to private variables, but determined users can still access them using the mangled name. Python's philosophy leans towards **"we are all consenting adults"**, meaning it provides mechanisms to signal intent (like name mangling) rather than strictly enforcing access restrictions.

If you need **stronger protection** for sensitive data, like API keys, passwords, or sensitive business logic, it's better to go beyond basic encapsulation and use third-party libraries or more secure practices. Here are some ways to enhance security:

---

### **1. Using Property Decorators with Validation or Encryption**

You can use Python’s `@property` decorator to create getter and setter methods, which can validate or encrypt data before storing or accessing it.

#### **Example: Using Property with Validation**
```python
class SecureData:
    def __init__(self):
        self.__password = None

    @property
    def password(self):
        raise ValueError("Direct access to the password is not allowed!")

    @password.setter
    def password(self, pwd):
        if len(pwd) < 8:
            raise ValueError("Password must be at least 8 characters long!")
        self.__password = pwd  # Store password securely after validation

# Usage
secure_obj = SecureData()
secure_obj.password = "mypassword123"  # Sets password
# print(secure_obj.password)  # Raises ValueError: Direct access to the password is not allowed!
```

This approach gives you control over how attributes are accessed and modified, ensuring secure data handling.

---

### **2. Using Third-Party Libraries for Encryption**

If you're dealing with **sensitive data** like passwords or personal information, it's important to store that data securely. One way to achieve this is by using encryption via third-party libraries such as `cryptography` or `pycryptodome`.

#### **Example: Encrypting and Decrypting Data with Cryptography**

1. First, install the `cryptography` package:
   ```
   pip install cryptography
   ```

2. Example of encrypting a password before storing it:

```python
from cryptography.fernet import Fernet

class SecureData:
    def __init__(self):
        # Generate an encryption key
        self.__key = Fernet.generate_key()
        self.__cipher = Fernet(self.__key)
        self.__encrypted_password = None

    def set_password(self, password):
        # Encrypt password before storing
        self.__encrypted_password = self.__cipher.encrypt(password.encode())
        print("Password encrypted and stored securely!")

    def get_password(self):
        # Decrypt password when accessing it
        if self.__encrypted_password:
            return self.__cipher.decrypt(self.__encrypted_password).decode()
        else:
            raise ValueError("No password set!")

# Usage
secure_obj = SecureData()
secure_obj.set_password("supersecretpassword")
print(secure_obj.get_password())  # Outputs: supersecretpassword
```

**Explanation**:
- **Encryption**: The `Fernet` cipher is used to encrypt the password, ensuring that even if someone gains access to the object, they can’t directly read the password without decrypting it.
- **Key Management**: The encryption key (`self.__key`) should be securely stored (not hardcoded in the class) or retrieved from a secure source like a key vault.

---

### **3. Using Environment Variables for Sensitive Information**

It's a best practice to store sensitive information like API keys or database credentials in **environment variables** rather than hardcoding them into your Python code. This keeps your sensitive data out of source control and makes it harder for attackers to access.

#### **Example: Accessing Sensitive Data via Environment Variables**
```python
import os

class DatabaseConnection:
    def __init__(self):
        # Fetch credentials from environment variables
        self.__db_user = os.getenv("DB_USER")
        self.__db_password = os.getenv("DB_PASSWORD")

    def connect(self):
        if not self.__db_user or not self.__db_password:
            raise ValueError("Database credentials are not set!")
        print(f"Connecting to the database with user: {self.__db_user}")

# Usage (assuming environment variables are set)
# export DB_USER=myuser
# export DB_PASSWORD=mypassword
db_conn = DatabaseConnection()
db_conn.connect()
```

**Benefits**:
- Environment variables can be managed securely on different platforms (e.g., cloud services, Docker containers).
- Sensitive data is not hardcoded in the application, reducing the risk of exposure.

---

### **4. Using Secret Management Services**

For highly secure systems, it's recommended to use **secret management services**. Cloud providers and third-party platforms offer services to securely manage sensitive information like API keys, passwords, and certificates.

- **AWS Secrets Manager**: Securely stores and retrieves secrets (e.g., database credentials) from AWS applications.
- **Google Cloud Secret Manager**: Centralized secret management in Google Cloud.
- **HashiCorp Vault**: Open-source tool for managing secrets, tokens, encryption keys, and other sensitive information.
  
These services provide:
- **Encryption at rest** for secrets.
- **Access control** using role-based policies.
- **Audit logging** to track access to secrets.

---

### **5. Secure APIs and Authentication**

If you're dealing with web APIs or user authentication systems, ensure the following:
- Use **OAuth2** for token-based authentication (e.g., with libraries like `oauthlib` or `authlib`).
- Ensure that sensitive API keys or tokens are stored securely (e.g., using environment variables, secret management, or encryption).

#### **Example: Secure API Access Using OAuth2**
```python
from requests_oauthlib import OAuth2Session

class SecureAPI:
    def __init__(self, client_id, client_secret, token_url):
        self.oauth = OAuth2Session(client_id)
        self.token = self.oauth.fetch_token(token_url=token_url, client_id=client_id, client_secret=client_secret)

    def get_data(self, url):
        response = self.oauth.get(url)
        return response.json()

# Usage (client_id and client_secret should be stored securely)
client_id = "your-client-id"
client_secret = "your-client-secret"
token_url = "https://example.com/token"

api = SecureAPI(client_id, client_secret, token_url)
data = api.get_data("https://example.com/api/data")
```

**Explanation**:
- OAuth2 is used to securely authenticate and access the API, avoiding the need to expose sensitive tokens or credentials.

---

### **Summary: Securing Sensitive Data in Python**
1. **Encapsulation**: Use private attributes with name mangling and control access through getter/setter methods.
2. **Encryption**: For highly sensitive data, use libraries like `cryptography` to encrypt data before storing or transmitting it.
3. **Environment Variables**: Store sensitive data like API keys in environment variables.
4. **Secret Management**: Use third-party secret management services for robust security.
5. **API Security**: Use OAuth2 for secure API access and token-based authentication.


These methods combined will help you build secure, robust Python applications where sensitive data is well-protected.