[Lazarus] Controlling access to a method

Hans-Peter Diettrich DrDiettrich1 at aol.com
Wed Jan 30 15:53:32 CET 2013


Mark Morgan Lloyd schrieb:
> Hans-Peter Diettrich wrote:
>> Mark Morgan Lloyd schrieb:
>>> Given a fragment of code like this:
>>>
>>> type
>>>   TDbConfigFrame = class(TFrame)
>>> ..
>>>   public
>>>     { public declarations }
>>>     property DbInit: TDbConfigInit write fdbInit;
>>>   end;
>>
>> A write-only property can be implemented by a (setter) procedure,
> 
> Yes, I was assuming that.
> 
>> to which you add whatever arguments may be useful (e.g. Sender).
> 
> OK, but in that case I presume that you can no longer go via the 
> object's property (reserved word).

Why do you need both?

> Also in that case I presume that some unauthorised caller could spoof an 
> explicit sender parameter.

What degree of security do you expect?

Would it be sufficient to initialize the field in the constructor?
Then you could add an constructor that takes the value, and make the 
field inaccessible to other code (private).

> Is there a reliable way to walk the stack and get a list of senders? I 
> presume at the very least that LineInfo would be needed for this, and 
> that the executable would have to be unstripped.
> 
>>> is there any way of enforcing a rule that DbInit can only be written 
>>> by (for example) a descendant of TForm or TNotebook? Or only being 
>>> writable by e.g. the OnCreate() method of certain designated form 
>>> instances?
>>
>> You can check Sender against the owner of the frame, if that helps.
> 
> Yes, that I like. However I think the problem is still getting the 
> sender in such a way that it can't be spoofed.

He who can read your source code also can modify it, to get rid of all 
your protection attempts.

DoDi





More information about the Lazarus mailing list