2

I know that JavaScript doesn't support private members, but you can emulate those. I'm wondering here is that if it's worth it. Is there a point in making variables and/or functions private in JavaScript?

Tower
  • 98,741
  • 129
  • 357
  • 507
  • see http://stackoverflow.com/questions/1437712/how-to-override-private-variable-in-javascript/1438592#1438592 for my opinion on that question... – Christoph Oct 03 '10 at 12:50

2 Answers2

2

Is there a point in making variables and/or functions private in JavaScript?

I would argue ‘no’... and ‘no’ in more languages than merely JavaScript.

Information-hiding and encapsulation is all very commendable, but unless you have security boundaries inside your application, you don't actually need to enforce privateness with strict language-level limits. Who is the untrusted attacker you're protecting your code from? Yourself? Others in your team?

In a Java environment you might theoretically be writing a class to give limited access to a resource to a sandboxed party like an applet. In that case you wouldn't want the applet code to be able to mess with private members as it might transgress over a security boundary.

But in JavaScript this isn't possible. You get one security context per host:port and you can't create effective security boundaries to limit code that shares your context. The ability to hide a variable is pretty meaningless when any JS code can completely take over the page's UI. (Plus, some browsers have occasionally had features that defeat private variables, for example Mozilla's old, now-removed __caller__.)

Consider instead the Python way: have a convention for effectively-private, even if the language doesn't enforce it. Putting an underscore at the beginning of a member name is warning enough that class-users shouldn't be messing with that member, but doesn't make yourself a load of annoying extra work when you're debugging or prototyping and need to temporarily ignore the privateness.

bobince
  • 528,062
  • 107
  • 651
  • 834
  • 3
    The purpose of private variables and encapsulation is not security or protection from nefarious people. It's abstraction. An external entity should not need to know how the internals are accomplished. The smaller the footprint of the interface, the less complexity exists for the consumer to understand. You should expose no more than is necessary to leverage the functionality. – dreadwail Nov 19 '11 at 21:50
0

Here is the stackOverflow answer about how to do this in circumstances when you would want to:

JavaScript private methods

And here is an article about signing that does include an expert's quote:

'On the other hand, because JavaScript has no concept of public and private methods, there are no internal methods that could be protected by simply signing a class. In addition, all methods can be changed at runtime, so must be protected at runtime.

In JavaScript you can add new properties to existing objects, or replace existing properties (including methods) at runtime. You cannot do this in Java. So, once again, protection that is automatic in Java must be handled separately in JavaScript.'

in the article at

http://docs.sun.com/source/816-6409-10/sec.htm

However, I would imagine that using private variables and methods might have some functionality in terms of resolving methods and variables that have the same signature but are in different classes, or not?

Community
  • 1
  • 1
Quinn1000
  • 55
  • 8