473,549 Members | 2,699 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Protected Static may as well be public?

I just made an observation and I wondered if it's generally known (or
if I'm missing something). My observation is that static protected
members are essentially useless, only a hint to the user. They don't
actually protect any encapsulation or anything, and for all the actual
protection they offer, they might as well be public.

For example:

class B {
protected:
static int i;
static void f();
};

int B::i=0;
void f() {
}

Nothing stops anybody anywhere from reading or changing B::i or from
calling B::f(). All anyone needs to do is create a derived class like
so:

struct D : B {
static int &i() { return B::i; }
static void f() { B::f(); }
};

And, voila, the static protected method is (indirectly) publicly
accessible. Two lines of code overhead plus a line for each member to
be exposed. No one even has to create an instance, so private
constructors and destructors are no protection either.

Is this generally known (and is it correct)? Maybe people seldom make
protected static members, so it's rarely an issue in practice.

Aug 25 '05 #1
13 7688
seems like you are misinterpreting the scecurity access provided by the
c++ language!!!

c++ dosn't offer you the scecurity in the sense of the one provided by
some encryption algorithm that can withstand your malicious attempts as
well. c++ just gives you access specifier so that if you want to create
good software you can create that. however if you
want to misuse the access specifiers u can do that as well.

though nothing special about this static members case only. the same
sceurtiy can
be bypasses if you have protected member in base class and some derived
class function returns gives access to these protected memeber objects
by exposing some public functions for this.

thanks
rt

Aug 25 '05 #2
ra************@ gmail.com wrote:
c++ dosn't offer you the scecurity in the sense of the one provided by
some encryption algorithm that can withstand your malicious attempts as
well. c++ just gives you access specifier so that if you want to create
good software you can create that.
I understand that. But in most other cases, you have to do something
crafty like a weird cast or a preprocessor hack that probably invokes
UB to break encapsulation (assuming the class is otherwise well
designed). In this case, access is achieved using fairly basic
language features.
however if you
want to misuse the access specifiers u can do that as well.
Well, more to the point, considering how easy this is, what kind of
protection are you asking for when you make a protected static member?
It's rather easy for access to leak out to just about anyone even if
you discard malicious intent.

When I make a member function protected, I have the assurance that only
derived classes will be able to invoke it, and then only on themselves
or instances of their own class. I see no similar assurance given by
"protected static" to anyone anywhere.
though nothing special about this static members case only. the same
sceurtiy can
be bypasses if you have protected member in base class and some derived
class function returns gives access to these protected memeber objects
by exposing some public functions for this.


True, but in this case only instances of the poorly designed class are
exposed. Any other class inheriting from B will still be fully
protected. And instances of B itself are fully protected.

Aug 25 '05 #3
Adam H. Peterson wrote:
<snip>
I understand that.**But*in*m ost*other*cases ,*you*have*to
do*something crafty like a weird cast or a preprocessor
hack that probably invokes UB to break encapsulation
(assuming the class is otherwise well designed).**In
this*case,*acce ss*is*achieved* using*fairly*ba sic
language features.

<snip>

You can promote all protected members (data and methods,
both static and non-static) to public in derived classes,
so you can as well claim that all protected members could
as well be public. What's more, you can give access to
any private data or member if you really try:

class Leaking {
int i;
void f();
public:
template <typename T>
void foo( T & t );
};

struct Intruder { int i; void (Leaking::*f)() ; };

template <>
void Leaking::foo<In truder>( Intruder & intruder ) {
intruder.i = i;
intruder.f = f;
}

int main() {
Leaking l;
Intruder i;
l.foo( i );
i.f(); // calls private member function!
}

Does that mean that all private members may as well be
public? Surely not.

Marc

Aug 25 '05 #4
That specialization trick is something. However, in order to take
advantage of it, the base class has to have a template member function.
It's perhaps unfortunate that the innards of a class could be accessed
this way. (Or rather, it's unfortunate that such access can't be
prevented since you can't stop a user from specializing a function.
The specialization would technically be considered a member of the base
class, even though the base can't prevent anybody from creating such a
member.) But it's an unfortunate consequence of using that particular
language feature.

(Incidentally, another such hole is pure virtual functions that do not
provide a stub implementation. )

My contention is that protected access itself doesn't make sense for
static members. I'm saying that this language feature whose purpose it
is to govern and regulate access to members is incapable of doing so
for static members. There doesn't have to be any opening available
to a class user allowing them to sneak in and become a member without
the knowledge of the base class. Trying to provide protected access
for a static member is not a well formed concept.

When I make a member private, it's well defined that the intention is
that only class members access the member. The language for the most
part checks this, even if there are a few language features that leave
a hole for producing new members after the class definition. Protected
nonstatic members also have a similar well-defined intention -- that
these members should only be manipulated by members of a derived class,
and then only those belonging to instances of that derived class. But
giving a static member protected access does not give a well defined
intention. What relationship should be in place between two entities
before one may access the other's protected static members? Ideally,
we'd like to say that one is a derived class of the other. But it's
much looser than that. Effectively, it is that a derived class of the
other exists that the first knows about or has control over. But that
doesn't make much sense from either a data-hiding point of view or an
object oriented design point of view, at least not to me.

The case that motivated this discussion is a project where a programmer
(not me, but I'm on the project too) gave a class Widget a protected
destructor. The idea is that only widgets should be able to create and
destroy other widgets (except a few friend classes that aren't
important here). However, the issue arose when a DerivedWidget1 tried
to delete a DerivedWidget2. This is illegal, since protected members
are only available to the class itself, not other classes that
inherited the same members. The workaround (besides making the
destructor public in the first place) is to make a protected static
function that does the delete for you. Then any derived class can
destroy any other derived class. However, this opens the floodgates
since there's no way to prevent anyone from creating a derived class.
Even private constructors/destructors/new operators/etc. won't have any
effect since instantiation is not required. At this point, the
destructor might as well be public in the first place.

Aug 25 '05 #5
Ram
Adam H. Peterson wrote:
I just made an observation and I wondered if it's generally known (or
if I'm missing something). My observation is that static protected
members are essentially useless, only a hint to the user. They don't
actually protect any encapsulation or anything, and for all the actual
protection they offer, they might as well be public.

For example:

class B {
protected:
static int i;
static void f();
};

int B::i=0;
void f() {
}

Nothing stops anybody anywhere from reading or changing B::i or from
calling B::f(). All anyone needs to do is create a derived class like
so:

struct D : B {
static int &i() { return B::i; }
static void f() { B::f(); }
};
[snip]

To me it seems you are incorrectly interpreting the access specifiers.
A protected specifier means that the members are accessible to the
derived classes, but it doesn't regulate in any way the derived classes
use them. They may as well expose them publicly, however that I'll call
a flaw in design except for may be some exceptional cases.
And, voila, the static protected method is (indirectly) publicly
accessible. Two lines of code overhead plus a line for each member to
be exposed. No one even has to create an instance, so private
constructors and destructors are no protection either.


Here, protected members are accessible through the interface which D
provides. Its still illegal to say,

B::i = something; // error
or
B::f(); // error

I don't see any discrepancy in this and this is independent to being
static/non-static. The only difference being that for non-static
members you need to instantiate an object to access them. As for
protection through constructor/destructors, I can as well access
protected constructor/destructor of a base through its public derived
interface.

Aug 25 '05 #6
Ben
Adam H. Peterson wrote:
I just made an observation and I wondered if it's generally known (or
if I'm missing something). My observation is that static protected
members are essentially useless, only a hint to the user. They don't
actually protect any encapsulation or anything, and for all the actual
protection they offer, they might as well be public.

For example:

class B {
protected:
static int i;
static void f();
};

int B::i=0;
void f() {
}

Nothing stops anybody anywhere from reading or changing B::i or from
calling B::f(). All anyone needs to do is create a derived class like
so:

struct D : B {
static int &i() { return B::i; }
static void f() { B::f(); }
};

And, voila, the static protected method is (indirectly) publicly
accessible. Two lines of code overhead plus a line for each member to
be exposed. No one even has to create an instance, so private
constructors and destructors are no protection either.

Is this generally known (and is it correct)? Maybe people seldom make
protected static members, so it's rarely an issue in practice.


OK, so what about:

class Stupid {
protected:
int i_;
public:
int& Expose() {return i_;}
};

No inheritance, static, or anything, and any old user can access the
*protected* member.

The problem is the design, not the language.

If you don't want subclasses to allow public access to a member of your
class, then don't allow the subclass access to it... make it a private
member and don't expose it in your class (by returning reference or
pointer).

Ben
--
I'm not just a number. To many, I'm known as a String...
Aug 25 '05 #7

"Adam H. Peterson" <al**********@g mail.com> wrote in message
news:11******** **************@ z14g2000cwz.goo glegroups.com.. .
[SNIP]
The case that motivated this discussion is a project where a programmer
(not me, but I'm on the project too) gave a class Widget a protected
destructor. The idea is that only widgets should be able to create and
destroy other widgets (except a few friend classes that aren't
important here). However, the issue arose when a DerivedWidget1 tried
to delete a DerivedWidget2. This is illegal, since protected members
are only available to the class itself, not other classes that
inherited the same members. The workaround (besides making the
destructor public in the first place) is to make a protected static
function that does the delete for you. Then any derived class can
destroy any other derived class. However, this opens the floodgates
since there's no way to prevent anyone from creating a derived class.
Even private constructors/destructors/new operators/etc. won't have any
effect since instantiation is not required. At this point, the
destructor might as well be public in the first place.


You mean that the DTOR was declared private because protected members are
inherited and accessible by derived classes. The way that you actually
unhinge the protection concept with classes does not only work with static
but also with ordinary member functions because you simply expose protected
functions. Naturally, the compiler and the language will let you do this
because it's your responsibility and you might (or might not) have a good
reason to do so. Sometimes it is even necessary to fix broken interfaces of
3rd party libs.

Anyway, the concept of public/private/protected is not to build a
high-security apparatus but rather to prevent fellow programmers from
unintentionally doing stupid things or indicating a certain behavior, like
having non copyable objects, to people using the classes.

Cheers
Chris
Aug 25 '05 #8
Ram wrote:
Here, protected members are accessible through the interface which D
provides. Its still illegal to say,

B::i = something; // error
or
B::f(); // error


True, but it might as well be legal. I don't see access protection as
something that's only provided in name and by using a bit of innocuous
syntax it can be stripped away. If I have:

class B {
protected:
void m_f();
static void s_f();
};

B b;

There's no way I can call b.m_f() without going through the class
interface. I can't get access to the b object by inheritance because
it's already instanced and the class author didn't screw up and break
encapsulation by making a naked accessor some other way. It's true
that if I create my own derived class, I can invoke the m_f() on
instances of that class, but that's a new class and I share
responsibility in it.

By contrast, I can create a three line code snippet that allows me to
call b.s_f() in all but name. So what kind of protection do I get by
declaring s_f() protected instead of public? What level of class
privilege do I have to have? If I'm a library vendor, what constraints
are imposed on calling s_f() that ensures any part of the integrity of
my library?

I'm not saying we should never declare protected static members. It
does serve as a useful hint to the class user. But it looks to me like
a "hint" is all that it provides.

Aug 25 '05 #9
Adam H. Peterson wrote:
Nothing stops anybody anywhere from reading or changing B::i or from
calling B::f(). All anyone needs to do is create a derived class like
so:
struct D : B {
static int &i() { return B::i; }
static void f() { B::f(); }
};

And, voila, the static protected method is (indirectly) publicly
accessible.


I don't see the point. Protected means that you can access it from derived
classes. You use it from a derived class, so you can acces it. You have
observed that the language works as it is designed to do.

--
Salu2
Aug 25 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
1426
by: Piotre Ugrumov | last post by:
I have tried to modify my exercise about the simulation of the life in the savannah. Now I have only 2 errors but I don't comprehend how resolve these errors. If I try to call the method getX() and getY() of the class Animale from the class Leone, the compiler return to me the same errors. These are the errors: c:\Documents and...
4
2734
by: Grey Plastic | last post by:
I have several classes that all keep track of static data. However, the manner that they keep track of static data is identical, and so I'm using the template<class Child> class Parent { ... }; idiom (don't know the name of it, if there is one). The problem is that I don't want any of my classes to have public constructors. They should be...
7
1936
by: Andy Ward | last post by:
Given the following code: class A { protected: int pro; }; class B : public A { public:
2
3896
by: yccheok | last post by:
hello, in a singleton design, i trying to make my parent class having protected constructor and destructor. however, the compiler give me error when my child, trying to delete itself through parent pointer. isn't child should have access to parent protected destructor? thank you. class CMachineFactory
3
9241
by: Tapas | last post by:
Hi, Generating a .cs file using CodeDom. It generates the class fine. But i have few queries about class generation. 1. How to create a protected member? By default it generates a private method. To make it static say, I do something like this - CodeMemberMethod method = new CodeMemberMethod(); method.Name = "TestMethod";
11
3803
by: Kevin Prichard | last post by:
Hi all, I've recently been following the object-oriented techiques discussed here and have been testing them for use in a web application. There is problem that I'd like to discuss with you experts. I would like to produce Javascript classes that can be "subclassed" with certain behaviors defined at subclass time. There are plenty of...
5
5452
by: Ben | last post by:
Hello I have a protected variable in a class (Class A) that I need to call from another class (Class B) to modify. I thought what I had to do was create a public method in the class (Class A) containing the protected variable so that the modification(s) can be done. However, when I try this, I cannot see the public method from the second...
4
2931
by: softwaredoug | last post by:
Here is some test code I've been attempting to compile (Visual Studio 2003) test.h: class Base { protected: Base() {} public:
5
7208
by: Timothy Madden | last post by:
Hy static members of non-integral type need to be declared in the class, but defined (and constructed or initialized) outside the class. Like this class SystemName { public:
0
7518
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, weíll explore What is ONU, What Is Router, ONU & Routerís main...
0
7446
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7715
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7469
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7808
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
5087
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3498
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3480
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1057
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.