On Mon, Jun 03, 2002 at 04:44:05PM +0800, John Lim wrote: > We might not want people to fiddle around with the internals of a class, > for example an authentication class which holds the passwords of users. > Even if the whole web site is Zend Encoded, doing a var_dump on $GLOBALS > will reveal a lot about .the site.
Private variables and private functions are not a security tool. They enforce (partially) a contract between the producer and the user of a class. They also have big design problems, which ultimately lead to a lot of more, and more complicated issues (friend, protected and the like, debugging problems and so on). Kristian -- Kristian Köhntopp, NetUSE AG, Dr.-Hell-Straße, D-24107 Kiel Tel: +49 431 386 435 00, Fax: +49 431 386 435 99 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php