I got stuck on a lecture in the TypeScript course!

Hi everyone,

Saving password information in a private attribute, I think that it’s correct and normal, to avoid the user’s discretion to edit or read them, so why does the author say “don’t ever do this”?

The full quote from this lecture is:

A common misconception by a lot of beginners is that we use private properties for storing sensitive data, like user’s password, credit card number, and so on. Don’t ever do this. We only use private properties for writing robust code.

I am pretty sure the “Don’t ever do this” is referring to the misconception, rather than the specific practice of storing a password or credit card number in a private field.

Basically, Mosh is saying that you should not think of private as just “an acceptable way to store very sensitive information” like this. That is not the purpose of a private field. In a particular application, it could be acceptable to have some piece of sensitive information in a private field, but that is not the purpose of a private field. The purpose of a private field is to prevent other classes from accessing or modifying that data directly. It has nothing to do with the sensitivity of that data.

It is your application’s job to protect access to sensitive information that your application might be processing. A private field is not “sufficient protection” for sensitive data - you have to make sure you handle it safely and make sure there is no way for the data to leak out of the application.

Hope that helps!

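To illustrate the point discussed above, here is an added example (not code from the lecture or from either poster). TypeScript's `private` modifier is checked only at compile time and erased from the emitted JavaScript, so the field is an ordinary property at runtime. The class names, the sample password and the choice of scrypt via Node's `node:crypto` module are assumptions made for this illustration.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Constructed sample value, used only for this demonstration.
const SAMPLE_PASSWORD = "correct horse battery staple";

// The misconception: `private` used as if it protected the secret.
class NaiveAccount {
  username: string;
  private password: string;
  constructor(username: string, password: string) {
    this.username = username;
    this.password = password;
  }
  check(candidate: string): boolean { return candidate === this.password; }
}

// The application protecting the secret itself: only a salted scrypt hash is kept.
class HashedAccount {
  username: string;
  private salt: Buffer;
  private hash: Buffer;
  constructor(username: string, password: string) {
    this.username = username;
    this.salt = randomBytes(16);
    this.hash = scryptSync(password, this.salt, 32);
  }
  verify(candidate: string): boolean {
    return timingSafeEqual(this.hash, scryptSync(candidate, this.salt, 32));
  }
  // Decides what serializers (loggers, API responses) ever get to see.
  toJSON(): { username: string } { return { username: this.username }; }
}

// `private` does not exist at runtime: the field shows up like any other property.
function runtimeKeys(obj: object): string[] {
  return Object.keys(obj);
}

function serialized(obj: object): string {
  return JSON.stringify(obj); // e.g. a debug log line or an HTTP response body
}

const naive = new NaiveAccount("alice", SAMPLE_PASSWORD);
const hashed = new HashedAccount("alice", SAMPLE_PASSWORD);
console.log(runtimeKeys(naive)); // includes "password" despite `private`
console.log(serialized(naive)); // plaintext password ends up in the output
console.log(serialized(hashed)); // only the username is serialized
console.log(hashed.verify(SAMPLE_PASSWORD), hashed.verify("wrong guess"));
```

The `salt` and `hash` fields of `HashedAccount` are just as reachable at runtime as the naive `password` field; the difference is that the plaintext is never stored and serialization is controlled explicitly.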