user969472

Reputation: 33

Is Ruby's open dynamic class structure (duck typing) secure?

I'm a newish Ruby/Rails developer with years of Java experience. This "security" question is specific to Ruby - not Rails - which is why it was hard to find an answer, as most Rails security questions deal with web stuff.

As a Java developer I've read Effective Java several times. One of the key points made in that book is to protect your data and methods in your classes from malicious users. By that I mean: make as much of your code private as possible, use immutable classes and use defensive copying when returning references to immutable objects. You can use the final keyword too.

But in Ruby, everything is open. Sure, you can make a method / data private, but as a consumer of a Ruby API, is there anything stopping me from writing my own version of the method then simply (dynamically at run time or in code) attaching it to a class in the API? Seems like all the security discussed in Effective Java doesn't apply to Ruby at all. Is this just a mindset shift from Java? Isn't this a "flaw" in Ruby or other similar languages?

Upvotes: 1

Views: 234

Answers (2)

DigitalRoss

Reputation: 146133

The defense is against bad design, not intruders

Encapsulation, class-private functionality, and other recommended OO design patterns are not there to defend against malicious foreign functions and enemy classes.

Rather, the idea is simply to structure the program in a way that makes it less fragile and easier to modify.

Think of each class as a separate building. We could build a new office so that it's leaning on the next building to the north and perhaps extend some steel from the building to the west to help hold up our new structure.

The obvious result would be damage to the structural integrity of the N and W neighbors, and questionable support for the new construction. With software, bad ideas like these are not always so obvious, so we read books full of principles and recommendations to remind us.

Upvotes: 3

Ned Batchelder

Reputation: 375744

In order for this to be a vector of attack, the malicious user has to be able to change code that you will then run. If he can do that, it doesn't matter what language you are using: you are running his code, and he owns you.

Upvotes: 2
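
The behaviour the question asks about, as an added Ruby example that is not from either poster (the `Account` class and `visibility_report` are constructed for illustration): code already running in the same process can bypass or replace a `private` method, and freezing the class stops redefinition but not reflection, which is why visibility works as a design aid rather than a trust boundary.

```ruby
# Constructed sample class standing in for "a class in the API".
class Account
  def initialize(balance)
    @balance = balance
  end

  def withdraw(amount)
    raise ArgumentError, "insufficient funds" unless allowed?(amount)
    @balance -= amount
  end

  private

  def allowed?(amount)
    amount <= @balance
  end
end

# Reports what in-process code can do to Account.
# Call once per process: step 4 freezes the class.
def visibility_report
  report = {}
  acct = Account.new(100)

  # 1. An ordinary call with an explicit receiver respects `private`.
  report[:direct_call] = begin
    acct.allowed?(500)
  rescue NoMethodError
    :no_method_error
  end

  # 2. Reflection ignores visibility for methods and instance variables.
  report[:via_send] = acct.send(:allowed?, 500)
  report[:ivar_read] = acct.instance_variable_get(:@balance)

  # 3. Reopening the class replaces the check for every instance.
  Account.class_eval { def allowed?(_amount); true; end }
  acct.withdraw(500)
  report[:after_patch] = acct.instance_variable_get(:@balance)

  # 4. Freezing the class blocks further redefinition, but not reflection.
  Account.freeze
  report[:patch_frozen] = begin
    Account.class_eval { def allowed?(_amount); false; end }
  rescue FrozenError
    :frozen_error
  end
  report[:send_frozen] = acct.send(:allowed?, 10**6)
  report
end
```

Every step here needs code executing inside the application's own process, so the place to enforce trust is the boundary where untrusted input or code enters, not method visibility.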
