
How can I change the implementation of my code to make it more secure?

P: 74
I am working on a C++ application in which I focus on changing the implementation of my code to make it more secure, but I do have a couple of questions. How can a variable with the same name be used and not conflict with each other in C++ code? How can a parameter be named the same as a variable in the same class? What is 'this->name'? Why should you never have direct access to an object's attributes (variables)?
The first of two things I would like to change would be the following: change the access designation in the classes to prohibit the line that has the fido.name and how can I add content to the classes (both Dog and Cat) to permit access to the variables so that I can access the name attribute? Here is my source code and picture of a command prompt of what it looks like before the implementation. I know that it is going to output the command prompt I have attached below, but what steps do I need to do to implement the changes I would like to see above?

```cpp
#include "stdafx.h"
#include <iostream>
#include <string>
#include <cstdlib>
using namespace std;

class Dog {
public:
    string name;

public:
    // constructor
    Dog (string name) {
        this->name = name;
        cout << "Dog's name is " << name << endl;
    }
};

class Cat {
public:
    string name;

public:
    // constructor
    Cat (string name) {
        this->name = name;
        cout << "Cat's name is " << name << endl;
    }
};

int main () {
    Dog fido ("Fido");
    Cat spot ("Spot");

    // These 2 lines of code break the object-oriented paradigm in a major way
    cout << "From main, the Dog's name is " << fido.name << endl;
    cout << "From main, the Cat's name is " << spot.name << endl;
    cout << "Hit any key to continue" << endl;
    system ("pause");
    return 0;
}
```
Mar 22 '17 #1
18 Replies


weaknessforcats
Expert Mod 5K+
P: 9,197
I will make several posts since you have several questions.

First question: How can two variables have the same name and not conflict in C++ code.

Answer: They conflict just like they do in C. However, you can protect yourself by using a namespace:

```cpp
namespace deseals22
{

int data;

}
```
The name of this variable is deseals22::data. Not unless someone else is also using the deseals22 namespace will there be a problem.

Read this: https://bytes.com/topic/c/insights/7...obal-variables
Mar 23 '17 #2

weaknessforcats
Expert Mod 5K+
P: 9,197
In a class:

```cpp
class Test
{
  private:
    int data;

  public:

    void funct(int data);
};
```
Here you have to tell the compiler which data you are using. The class member or the class member function. The code for the member function looks like:

```cpp
void Test::funct(int data)
{

   data = data;
}
```
This tells the compiler to assign the function argument to itself. Not good.

```cpp
void Test::funct(int data)
{

   this->data = data;
}
```
This code tells the compiler to assign the function argument to the object's data member. The address of the object is placed into the this pointer when the member function is called. It is passed as a hidden first argument. Yes it's true, this member function has 2 arguments.

PRIME RULE: Every use of a class member should be preceded by this->. Period. Every time.

You can only use the this pointer inside a class member function.
Mar 23 '17 #3

weaknessforcats
Expert Mod 5K+
P: 9,197
Why should you not allow direct access to a class data members?

Suppose the data member must have a value between 1 and 20 and I change it using my own code to 347382? They do this in C and they have one crisis after another. Usually, I hear "I don't want my creativity spoiled by some blah blah..."

Actually, the programmer is lazy and doesn't want to follow any rules at all.

The way out of this is to lock up the class data member and provide access to it only through a class member function which you provide which will ensure the class data member has the correct range of values.

Any other procedure will fail and your application will crash. I have scars to prove this.
Mar 23 '17 #4

weaknessforcats
Expert Mod 5K+
P: 9,197
In your code example, your main should look like:

```cpp
// Assumes Dog and Cat each provide a getname() member function.
int main()
{
   Dog fido("Fido");
   Cat spot("Spot");

   cout << "Dog's name is: " << fido.getname() << endl;
   cout << "Cat's name is: " << spot.getname() << endl;
}
```
Here you can't see how the name is implemented. This leaves you free to implement the name differently without having to change this user code.

Expose you are using a C++ string object and have your user tie 100,000 lines of code to this implementation and you have just killed your ability to evolve your application. This may be a career ending move.
Mar 23 '17 #5

weaknessforcats
Expert Mod 5K+
P: 9,197
BTW: Why do your ctors have displays in them???

A ctor initializes your class members and quits.

You really have no idea how your class data needs to be displayed. Only the user knows that. So remove all displays from your class code before your users come after you with flaming red eyes.
Mar 23 '17 #6

P: 74
@weaknessforcats, What do you mean "ctors"?
Mar 23 '17 #7

weaknessforcats
Expert Mod 5K+
P: 9,197
A ctor is a common term for constructor. I don't have to type so many letters. Remember about lazy programmers?

There is also a dtor for destructor.
Mar 23 '17 #8

P: 74
@weaknessforcats, Okay I understand. But programmers might want to still spell things out just in case there is a miscommunication between you and people.
Mar 23 '17 #9

P: 74
@weaknessforcats, Thank you so much for answering all my questions, but do you have any online references where I can read more about these things? I am just starting to learn about classes and scope, and function in C++
Mar 23 '17 #10

P: 74
@weaknessforcats, Do you mean remove all the cout << statements for each one of my class constructors? This is because I will eventually display the output of the Dog's name and Cat's name in the main function?
Mar 23 '17 #11

P: 74
@weaknessforcats, Do the getname() functions that I will have for each class work just like they do in Java? Or do you have to do it another way?
Mar 23 '17 #12

weaknessforcats
Expert Mod 5K+
P: 9,197
What I did when I started was to read a C++ textbook and solve all the problems using a real compiler. When I finished the book I got another one and repeated the process. I never read the same book twice. At the same time I took C++ classes at a community college. It took me 3 years to get good enough to get hired.

I tell my students that one time I was getting my haircut and asked the barber what it took to get a barber license. OOoohh he said that took 6 weeks of school and 1800 hours of haircutting. I thought: 6 weeks is about 200 hours plus the 1800 hours of practice comes to about 2000 hours. So I say C++ is as easy as cutting hair: 2000 hours of practice and you're there.
Mar 23 '17 #13

weaknessforcats
Expert Mod 5K+
P: 9,197
Yes you remove those couts from your constructors.

All the constructor is for is to initialize your class data members. That's it.

This is part of a larger concept: A function is to do one thing. The less a function does the more places you can use it.

I guess my question is: How do you know how the data is to be displayed???? I mean in real life you write the class and other people use it so how can you know what their display requirements are?

A C++ class should never have a display in it.
Mar 23 '17 #14

weaknessforcats
Expert Mod 5K+
P: 9,197
I don't know Java so I can't answer your question.

At your level just write a member function that returns a copy of your class data member. That is, do not return a reference to your class data member. References are not copies they are alternate names for the data member. A hacker could use the reference to access your data member as though you had made it public.
Mar 23 '17 #15
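
An added example, not part of the original thread: it combines the range rule from post #4 (a value that must stay between 1 and 20) with the copy-versus-reference point in post #15. The class `Gauge` and all of its member and function names are hypothetical.

```cpp
#include <iostream>
#include <stdexcept>

// Hypothetical class for illustration: "level" must stay between 1 and 20.
class Gauge {
public:
    explicit Gauge(int level) { setLevel(level); }
    // The only sanctioned way to change the value; the range is checked here.
    void setLevel(int level) {
        if (level < 1 || level > 20)
            throw std::out_of_range("level must be between 1 and 20");
        this->level = level;
    }

    // Safe accessor: returns a copy, so the caller cannot reach the member.
    int getLevel() const { return this->level; }

    // Leaky accessor: a non-const reference is another name for the private
    // member. Included only to demonstrate the problem.
    int& levelRef() { return this->level; }
private:
    int level;
};

// True if the setter refuses an out-of-range value.
bool setterRejects(int bad) {
    Gauge g(10);
    try { g.setLevel(bad); } catch (const std::out_of_range&) { return true; }
    return false;
}

// Overwrites the copy returned by getLevel(); the member keeps its value.
int afterWritingToCopy(int bad) {
    Gauge g(10);
    int copy = g.getLevel();
    copy = bad;
    return copy == bad ? g.getLevel() : -1;
}

// Writes through the reference; the range check in setLevel() never runs.
int afterWritingToReference(int bad) {
    Gauge g(10);
    g.levelRef() = bad;
    return g.getLevel();
}

int main() {
    std::cout << afterWritingToCopy(347382) << ' ' << afterWritingToReference(347382) << '\n';
}
```

With the value 347382 from post #4, the setter throws, the write to the copy leaves the member at 10, and the write through the reference stores 347382 in a member that is declared private.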

P: 74
@weaknessforcats, Can you take a look at my modified version and see if I need to implement anything else? I know it compiles good, but can you take a look at the logic part of my code to tell me if it's correct?

```cpp
#include "stdafx.h"
#include <iostream>
#include <string>
#include <cstdlib>
using namespace std;

class Dog
{
public:
    void setName(string n);  // creates a setName() method

    // creates a getName() to return the dog's name
    string getName() const { return name; }

    // declares the data member "name" private so that no one can have
    // direct access to this variable.
private:
    string name;

    // this constructor is used later on used to pass an argument for the new
    // object created in the main app.
public:
    // constructor
    Dog (string name) {
        this->name = name;
    }
};

class Cat {
public:
    void setName(string n);
    string getName() const { return name; }

private:
    string name;

public:
    // constructor
    Cat (string name) {
        this->name = name;
    }
};

int main () {
    Dog fido ("Fido");
    Cat spot ("Spot");

    // These 2 lines of code break the object-oriented paradigm in a major way
    cout << "From main, the Dog's name is " << fido.getName() << endl;
    cout << "From main, the Cat's name is " << spot.getName() << endl;
    cout << "Hit any key to continue" << endl;
    system ("pause");
    return 0;
}
```
Mar 23 '17 #16

weaknessforcats
Expert Mod 5K+
P: 9,197
The code looks good. I compiled it.

I see there is an include of stdafx.h. That is a Microsoft Windows header you don't need unless you are writing Windows code. You can safely remove it.

The next step for you is to create a cat.h and a dog.h as separate files. Then create a cat.cpp and a dog.cpp that contains the code for the class.

For example:

```cpp
// dog.h

#include <string>
using std::string;

class Dog
{

public:
    void setName(string n);  // creates a setName() method

    // creates a getName() to return the dog's name
    string getName() const;

    // declares the data member "name" private so that no one can have
    // direct access to this variable.
private:
    string name;

    // this constructor is used later on used to pass an argument for the new
    // object created in the main app.
public:
    // constructor
    Dog(string name);

};
```

```cpp
// Dog.cpp

#include "dog.h"

// constructor
Dog::Dog(string name) {
    this->name = name;
}

// etc...
```
The main.cpp looks like:

```cpp
#include <cstdlib>   // system()
#include <iostream>  // cout, endl
#include "dog.h"
#include "cat.h"
using namespace std;

int main() {
    Dog fido("Fido");
    Cat spot("Spot");

    // These 2 lines of code break the object-oriented paradigm in a major way
    cout << "From main, the Dog's name is " << fido.getName() << endl;
    cout << "From main, the Cat's name is " << spot.getName() << endl;
    cout << "Hit any key to continue" << endl;
    system("pause");
    return 0;
}
```
Finally create a project that contains main.cpp cat.cpp and dog.cpp. Then build the project.

The result should be the same as you have right now. The difference is you have detached your class definition from the file with main(). Now you can use your classes in other programs without having to make copies.
Mar 24 '17 #17

P: 74
@weaknessforcats,
Why, when you have more than one CPP source code, do you have to compile them at the same time? I get that the compiler doesn't know where to refer to implement the set/get accessors you used in your main app. For example, in another application that I was doing, when I didn't compile the two different CPP's together, the compiler came back with the following message: 'Undefined reference to Employee::getLastName()' which I eventually found that if you declared a CPP file with all of get/set functions, you have to compile this along with the main application or basically the other CPP file that has your main application in it.
Mar 26 '17 #18

weaknessforcats
Expert Mod 5K+
P: 9,197
You do not need to compile all the files at the same time. When you don't, you need already compiled versions of those files. That is a software library and based on where you are now, save this for another day.

At this point you add all cpp files to your project. Then you build the project.

The build has two steps: 1) compile and 2) link.

In the compile step each file is compiled SEPARATELY. Each file must have the correct headers. If a function you call is not coded in the file before the first call in the file being compiled you get an error and the compile fails UNLESS you have declared this function to the compiler (using a function prototype) before you make the first call. In this case the call is allowed but the function is marked "unresolved external reference".

In the link step, the linker copies all of your object files into your .exe.

Next, the linker examines each copied object file looking for unresolved external references left by the compiler. When it finds one, it searches all the other object files (and all the libraries) in your .exe looking for the code for that function. When it finds it, the address of the code is used for the unresolved external reference making the unresolved reference go away.

If any external references remain unresolved, the .exe is deleted and your build fails.

Outfits like Microsoft when they build Windows may use a hundred or more machines all running at the same time to do a build. A build often looks like an art form.

The exact process for a build is kept in a file called a makefile. Visual Studio creates the makefile for your builds and then calls the make utility. The make utility reads the makefile where all the compiles are listed in the correct order, all the linker actions in the correct order, etc. It is the make utility that fires off the compiler for each of your cpp files.
Mar 26 '17 #19
