On Wed, Jun 18, 2008 at 3:10 PM, Dean H. Saxe
<[EMAIL PROTECTED]> wrote:
> What I would want to is annotate the properties to say whether the
> getter/setter should be autogenerated, that way it leaves control to the
> developer.
If you don't want it autogenerated, just call it private. It's not
generating code in the CFC, just an implicit getter setter. Would a
private get/set that you never even have to look at be good enough?
Bigger question, what's the use case for a property that you couldn't
get/set, even privately?
> I like the idea of the addition of a roles check for
> authorization to call specific setters/getters.
Cool.
> Also, is the autogenerated setter/getter secure? Remember, java passes by
> value... the value is a reference to the original object except for
> primitive types, in which case it is a copy of the primitive (e.g. String).
> So for object references, if I use the getter to get a CFC reference (e.g.
> myFoo.getBar() returns a Bar CFC), and then modify a property of that CFC
> using its setter (e.g. bar.setFooBarBlah("blah...")) ... did I just modify
> the private instance of bar that is held by Foo? This can result in some
> pretty interesting vulnerabilities... (Yes, this is probably overkill, but
> why not enquire...)
In CF, I always assume complex objects (CFCs/Arrays) are always passed
by reference. This is the same as explicit functions where you pass
in a CFC in a cfargument tag.
Frequently, if I have a function that accepts a typed CFC as an
argument and the function makes some change to that passed in CFC
Instance, I don't even bother returning the modified CFC Instance
because it's already been modified by reference. On these functions I
usually just return void and get on with it.
-Cameron
--
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.com
---
cell: 678.637.5072
aim: cameroncf
email: [EMAIL PROTECTED]
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
