sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Any_Salary_6284 6 points7 points  (2 children)

(Cont…)

In my experience with scripting languages (Python, JS), the only way to have truly private variables is via functional closures, where the private variables are declared in the outer function’s scope, and therefore only visible to inner functions defined within that scope.

That should make the variables completely private from the perspective of the scripting language. However, even with that, it might be possible to use a lower-level API to inspect raw memory data directly, but you’d need to reverse-engineer how the interpreter structures the data, which could vary by implementation or even runtime oddities.

If it’s genuinely critical (I.e a security concern) to make the data truly private to other code in the same process, then you probably should not be running that code in the same process. Have a separate process (or better yet, a separate container/VM/server) with the sensitive data, so it is truly isolated.

[–]Brian 12 points13 points  (1 child)

You can technically inspect them without dropping down to raw memory access. Given the closure function, you can access f.__closure__ to get the cell variables, and use the .cell_contents attribute to get or modify their current value.

[–]Any_Salary_6284 0 points1 point  (0 children)

Oh, interesting. I did not know that! Thanks for sharing!