Reputation: 3576
Setting object's properties directly instead of through getters/setters
I came across this article written by Google's Webmaster which recommends setting/getting object parameters directly to improve code efficiency. However, I thought that doing as suggested (below) instead of accessing an object's properties through getter/setter methods) leaves the code vulnerable to attacks?
$rover = new dog();
$rover->name = 'rover';
echo $rover->name;
Upvotes: 0
Views: 50
Answers (1)
Reputation: 522499
There is no "security" implication at all. Code isn't more or less secure in terms of attackers over the internet because it does or doesn't use setters or getters. They don't "protect" anything in terms of security. What encapsulation and access control in the form of getters/setters does is to protect you from stomping on your own feet accidentally. $rover->name = .. allows you to assign anything to the attribute any time. $rover->setName(..) allows you to do some error checking when setting a value, which you can use to nip bugs in the bud earlier. But it does not prevent bugs entirely, nor does it prevent an attacker from doing malicious things. An attacker isn't going to write code to assign something to your properties. An attacker exploits bugs in code or logic loopholes; not property assignments.
Upvotes: 4
Related Questions
- private property access with setter from constructor vs direct access from constructor
- Get and set (private) property in PHP as in C# without using getter setter magic method overloading
- Emulate public/private properties with __get() and __set()?
- PHP OOP - Do getter setter use for prevent changing value of property?
- What is the best method for getting/setting properties in PHP OOP
- Setting Properties via Methods
- OOP setting a property through a method within the class?
- PHP properties with get/set functions
- Is it really that wrong not using setters and getters?
- How to properly call a method when setting a property in PHP (if even possible)