Real example for access identifiers [public, protected, private]

Question

I am new to OOP.

I know that there are three identifiers and they should be used in different situations. I have also read lots of discussion regarding whether or not it is dangerous to use the "public" identifier too causally. But I don't really understand why this is dangerous.

Let say I have a windows application or web application. In those applications I declared some public methods or variables, how is that dangerous? I mean, my applications accept user input and then produce output, so in what ways can it be dangerous? How can others or other programs attack or take advantages or somehow do some damage to the application because of the "public" identifier.

Can anyone describe a real life example? Thanks.

Answer 1

Modifier    | Class | Package | Subclass | World
————————————+———————+—————————+——————————+———————
public      |  ✔    |    ✔    |    ✔     |   ✔
————————————+———————+—————————+——————————+———————
protected   |  ✔    |    ✔    |    ✔     |   ✘
————————————+———————+—————————+——————————+———————
no modifier |  ✔    |    ✔    |    ✘     |   ✘
————————————+———————+—————————+——————————+———————
private     |  ✔    |    ✘    |    ✘     |   ✘

---

Private:

Methods,Variables and Constructors

Methods, Variables and Constructors that are declared private can only be accessed within the declared class itself.

Private access modifier is the most restrictive access level. Class and interfaces cannot be private.

Note

Variables that are declared private can be accessed outside the class if public getter methods are present in the class. Variables, methods and constructors which are declared protected in a superclass can be accessed only by the subclasses in other package or any class within the package of the protected members' class.

Protected

The protected access modifier cannot be applied to class and interfaces.

Methods, fields can be declared protected, however methods and fields in a interface cannot be declared protected.

Note

Protected access gives the subclass a chance to use the helper method or variable, while preventing a nonrelated class from trying to use it.

Public

A class, method, constructor, interface etc declared public can be accessed from any other class.

Therefore fields, methods, blocks declared inside a public class can be accessed from any class belonging to the Java Universe.

http://javarevisited.blogspot.com/2012/10/difference-between-private-protected-public-package-access-java.html

Answer 2

Let's take it to a meta level instead, and pretend that we are instances of a class Person.

We have some information about us - name, age, gender, weight, height, hairColor, eyeColor, and so forth. Mostly, this is information that we expose to the outside world through incidental interaction, so this could be considered to be "public" information. I mean, there's no sense in hiding your eyeColor unless you really wanted to...

Now, there are a few things that we don't tell the outside world, but are willing to tell our children. These are things like recipes, how to solve math problems, how to do taxes, how to deal with nasty breakups, etc. These functions are passed down via inheritance, and as such, can only be referenced in terms of an ancestral hierarchy. We would call this "protected" information, or a "protected" method of solving these problems.

There are also the things that we keep only within the family, like the number of times your puppy has chewed up your sister's favorite doll, or where the family inheritance is. We could consider this, with a bit of wordsmithing, to be private within the hierarchy of our family.

Finally, there are the things we just don't share with anyone else, but we need this information to function on a daily basis. This is what we consider to be "private".

Now, the illustration of that meta example was a classical example of Access Modifiers.

• public indicates that everyone can see it and do what they will with it. That is to say, if you were to have a public accessible name, then I could at a whim, just change it to "Overflow Prime", and there'd be nothing you could do about it.

• protected indicates that this field or method is only visible to those that directly inherit from the class. So, for instance, Child extends Parent would imply that I get access to Parent's protected methods and fields.

• "package-private", or simply "no modifier", is a field or method that is only accessible and modifiable within the scope of a package. It means that the fields are public as far as the package is concerned, but completely unknown to anything outside of the package.

• private is a field or method that only the instance of that class can use and manipulate directly. Even if there's an inheritance chain, if the method or field is private, there's no way that the child classes can get to it.

Now, what does that mean in terms of your real world example?

Let's say, for instance, your web application handled sensitive information, like financial records. If I were able to modify the instance of the class that held my weekly pay check stub from a meager $600 to a sizable $79,999, then I would have both compromised the integrity of your application, exposed a major financial bug (from which bad things happen), and would have been cut a decent weekly check for my trouble.

That's the idea behind encapsulation. I want to expose only the bare minimum hooks and information to the outside world to ensure the integrity of my application, and to ensure that someone can't cut themselves a check they didn't deserve.