ID: 44273 Updated by: [EMAIL PROTECTED] Reported By: paulscheltema at gmail dot com Status: Bogus Bug Type: Scripting Engine problem Operating System: Windows XP / Linux Debian PHP Version: 5.2.5 New Comment:
And last but not least, here's an excerpt from the manual (http://www.php.net/manual/en/language.oop5.visibility.php): "The visibility of a property or method can be defined by prefixing the declaration with the keywords: public, protected or private. Public declared items can be accessed everywhere. Protected limits access to inherited and parent classes (and to the class that defines the item). Private limits visibility only to the class that defines the item." Previous Comments: ------------------------------------------------------------------------ [2008-03-11 22:04:36] [EMAIL PROTECTED] Maybe this explains it better: <?php class test { public $public = 'public'; private $private = 'private'; protected $protected = 'protected'; } $t = new test; var_dump($t); ?> And this will output everything, and it's expected and the correct behaviour. It's about the properties being isible/not-visible/writable to other classes. PPP is not meant for providing any security. (I admit, I'm bad at explaining things. :) ------------------------------------------------------------------------ [2008-03-05 14:25:25] paulscheltema at gmail dot com well, i guess its ok then, its just not what im used to with some other languages but i still think its wierd using protected to "protect" the data from the outside world, but not quite doing so. i now know storing vital information such as passwords inside class variables even protected ones, doesnt help much. so giving another developer access to an api doesnt protect me anymore either but if its no bug since changing the data isnt possible that way, so be it. and i have to say dont change the point: first you say its about visibility, i explain why it is, next you say it doesnt matter because you cant change its value ------------------------------------------------------------------------ [2008-03-05 14:03:01] [EMAIL PROTECTED] Yes, but can you _change_ it? (answer: no, not via that array..) ------------------------------------------------------------------------ [2008-03-04 13:27:58] paulscheltema at gmail dot com I think the bug is that I CAN access private / protected class data at runtime which neglects the whole point of private or protected data inside classes. It is to be protected! Why else use private data if you can access it anyway? its useless then. its just obstruction instead of security. (security in terms of data integrity) On the positive side at least i can not change the data. And to refer to your reaction precisely, lets have two classes A and B A is instanciated and has a private property x which is set, class B casts class A to an array and gains access to class A's private property x. This is not directly about visibility but it allows class B to "view" class A's private property x. ------------------------------------------------------------------------ [2008-03-03 13:41:02] [EMAIL PROTECTED] Private/protected is about visibility between _classes_ not with a class cast to an array. So what's the "bug" here? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44273 -- Edit this bug report at http://bugs.php.net/?id=44273&edit=1