-
Notifications
You must be signed in to change notification settings - Fork 0
Home
It is well-known that Python does not provide anything representing private attributes (1, 2, 3, 4). Programmers starting with Python occasionally bump into this, not only because they are used to write field modifiers in languages such as Java, but also because some designs are simply impossible to write without having private attributes:
-
Private fields guarantee that no one else can access the value in that field, unless the class-instance provide public methods to do so. In that way the instance becomes the sole responsible for the field which is very convenient for patterns such as Separation of Concerns. It allows the programmer to put more assumptions and guarantees on that field; for example that the field will never be null, zero or never changes type.
-
The above point is on the convenience for the programmer, the problems prevented by using private fields can also be avoided by careful programming (e.g. in Python: naming fields with the prefix _ to indicate that they should not be touched outside the class). When implementing security mechanisms for protection against third party code, such as information-flow control monitors or a capability system, the absence of private variables becomes a real obstacle.
Some projects are / were running to add similar security features to Python, such as Restricted Python, CapPython, PyPy-sandbox, sattelite.py and pysandbox. These projects modify the interpreter, perform highly complex hiding of built-in functions or statically check untrusted code, each having a specific target in mind. PyOpaque, on the other hands, aims to be simple: providing a simple means of creating private attributes without changing the interpreter. We hope that this is enough to serve as a building block for building pure Python implementations for capabilities, information-flow monitors and similar mechanisms.
When extending Python with a new primitive type (via C++) such as for example cStringIO does, the extension needs to explicitly provide all capabilities of this type, such as it's methods, getattribute function etc. This could be considered a challenge for the programmer, but in PyOpaque is used as an advantage.
PyOpaque consists of a C-module cPyOpaque and a Python-module PyOpaque. The C-module defines a new type that can be instantiated with a class and a list of public/private attributes for that class. Instances of this type (EncapsulatingObject) are C-objects and thus opaque except for the functionality the C-module enables. cPyOpaque only allows to access the attributes listed as public by the class. The Python-module PyOpaque presents a simple interface to the C-module and tries to make the encapsulating object behave as much as possible as the object it encapsulates.
More on How PyOpaque works.
This presentation can be useful too.
Please, visit the Installation instructions or the API-and-usage wiki page.