ASP.NET MVC安全性如何是静态变量 [英] ASP.NET MVC How safe are static variables
问题描述
我要确保我的网站能够在将来也是云中托管,它可以处理大量的请求。
安全性如何是静态变量?
他们是不安全的,因为由不同的用户单独的请求实际上是共享这些静态变量?或者是因为如果你小号$ P $垫网站上线/分片或类似的,(处理高负载)的线程共享静态变量?
主要是我有助手类,静态特性,我应该改变这种架构,这样我反而创建的每个类的实例,并访问实例?
例如下面是我在做什么的示例:
使用系统;
使用System.Collections.Generic;
使用System.Linq的;
使用的System.Web;
使用Mvc.Mailer;命名空间MVCWebsite.Helpers
{
公共类的AppSettings
{
公共静态无效OnAppInit()
{
//一般
AppName的=MyApp的;
DesktopBaseURLs =新词典<字符串,字符串>();
DesktopBaseURLs.Add(开发,本地主机:50560);
DesktopBaseURLs.Add(测试,www.test.whatever.com);
DesktopBaseURLs.Add(活,www.whatever.com);
MobileBaseURLs =新词典<字符串,字符串>();
MobileBaseURLs.Add(dev的,m.local.whatever.com);
MobileBaseURLs.Add(测试,m.test.whatever.com);
MobileBaseURLs.Add(活,m.whatever.com); //电子邮件
EmailHostName = AppName的+的.com; //眼下ATLEAST
NoReplyEmailAddress =无回复@+ EmailHostName.ToLower();
SupportEmailAddress =@支持+ EmailHostName.ToLower();
ErrorEmailAddress =错误@+ EmailHostName.ToLower(); //资源
TempFileURL =/内容/温度/;
UserDataURL =/内容/用户内容/;
ProfilePicturesURL = UserDataURL +的个人资料,照片/; VAR一个= GlobalHelper.GetURLAsServerPath(ProfilePicturesURL);
变种B = A; } //一般
公共静态字符串AppName的{搞定;组; }
公共静态字典<字符串,字符串> DesktopBaseURLs;
公共静态字典<字符串,字符串> MobileBaseURLs; //电子邮件
公共静态字符串EmailHostName {搞定;组; }
公共静态字符串NoReplyEmailAddress {搞定;组; }
公共静态字符串SupportEmailAddress {搞定;组; }
公共静态字符串ErrorEmailAddress {搞定;组; } //资源
公共静态字符串UserDataURL {搞定;组; }
公共静态字符串TempFileURL {搞定;组; }
公共静态字符串ProfilePicturesURL {搞定;组; } //方法
公共静态无效SetAppURL()
{ }
}
}
您code不是线程安全的。您共享这有可能被多个线程执行多个请求之间的静态变量。请记住,在词典< TKEY的,TValue>您所使用的底层存储类不是线程安全类的意思,你的code可能崩溃非常糟糕如果你试图从多个线程同时调用 OnAppInit 方法。如果在另一方面,你在呼唤这个 OnAppInit 静态方法只有你的Application_Start事件中一次(这是保证从单个线程只运行一次),你是pretty安全有使用它。
这就是说说,静态变量和方法一般都在应用一个坏主意,是不正确的。他们是一个坏主意,如果你不知道如何正确地使用它们,或者如果你不知道如何访问它们进行同步,如果你需要这是从并发线程完成。编写线程安全code是一个非常困难的课题,而如果你不放心,使错了(谁不编写多线程应用程序时,如ASP.NET应用程序?)根本就没有这样的共享状态。为此可使用的完善的地方在ASP.NET应用程序:
- 后端(可以是例如关系数据库)
- 应用程序状态
- 缓存
- HTTP上下文状态
- 会话状态
- 客户端的cookie
那些地方是专门为ASP.NET应用程序存储状态(除了可能在任何类型的应用中使用,当然是第一个)而设计的。
I want to ensure my website is capable of being hosted on the cloud in the future and also that it can handle a lot of requests.
How safe are static variables?
Are they unsafe because separate requests by separate users are actually sharing these static variables? Or is it because if you spread the site over threads/sharding or similar, (to handle high loads) the threads are sharing the static variables?
Mainly I have helper classes, with static properties, should I change this architecture so that I instead create an instance of each class and access the instances?
E.G Here is a sample of what I am doing:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using Mvc.Mailer;
namespace MVCWebsite.Helpers
{
public class AppSettings
{
public static void OnAppInit()
{
//General
AppName = "MyApp";
DesktopBaseURLs = new Dictionary<string, string>();
DesktopBaseURLs.Add("dev", "localhost:50560");
DesktopBaseURLs.Add("test", "www.test.whatever.com");
DesktopBaseURLs.Add("live", "www.whatever.com");
MobileBaseURLs = new Dictionary<string, string>();
MobileBaseURLs.Add("dev", "m.local.whatever.com");
MobileBaseURLs.Add("test", "m.test.whatever.com");
MobileBaseURLs.Add("live", "m.whatever.com");
//Emails
EmailHostName = AppName + ".com"; //For the moment atleast
NoReplyEmailAddress = "no-reply@" + EmailHostName.ToLower();
SupportEmailAddress = "support@" + EmailHostName.ToLower();
ErrorEmailAddress = "errors@" + EmailHostName.ToLower();
//Resources
TempFileURL = "/content/temp/";
UserDataURL = "/content/user-content/";
ProfilePicturesURL = UserDataURL + "profile-pictures/";
var a = GlobalHelper.GetURLAsServerPath(ProfilePicturesURL);
var b = a;
}
//General
public static string AppName { get; set; }
public static Dictionary<string, string> DesktopBaseURLs;
public static Dictionary<string, string> MobileBaseURLs;
//Emails
public static string EmailHostName { get; set; }
public static string NoReplyEmailAddress { get; set; }
public static string SupportEmailAddress { get; set; }
public static string ErrorEmailAddress { get; set; }
//Resources
public static string UserDataURL { get; set; }
public static string TempFileURL { get; set; }
public static string ProfilePicturesURL { get; set; }
//Methods
public static void SetAppURL()
{
}
}
}
Your code is not thread safe. You are sharing static variables between multiple requests which could potentially be executed by multiple threads. Bear in mind that the Dictionary<TKey, TValue> class that you are using as underlying storage is not a thread safe class meaning that your code could potentially crash very badly if you attempt to call the OnAppInit method concurrently from multiple threads. If on the other hand you are calling this OnAppInit static method only once inside your Application_Start event (which is guaranteed to run only once from a single thread) you are pretty safe to use it there.
This being said saying that static variables and methods are generally a bad idea in applications is not true. They are a bad idea if you don't know how to use them properly, or if you don't know how to synchronize the access to them if you need this to be done from concurrent threads. Writing thread-safe code is a very difficult subject and if you have fears to make it wrong (who doesn't when writing multithreaded applications such as an ASP.NET application?) simply do not share state like this. Use the well established places for this in an ASP.NET application:
- Backend (could be a relational database for example)
- Application State
- Cache
- Http Context State
- Session State
- Client cookies
Those places are specifically designed for storing state in an ASP.NET application (except the first one of course which could be used in any type of application).
这篇关于ASP.NET MVC安全性如何是静态变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
