Safest way to pass data between forms in c# winforms

Question

I'm trying to remember a lesson I was taught briefly in school about safely passing data between winforms.

My instructor called it pipelining, though I'm not sure if this is the correct term or merely his own name for it. He stated that his method was safer than the easiest way of publicizing the data so that everything can access it. He said it was safer because his method prevented access of the data from external programs or unrelated forms and processes, and he hailed it as good programming practice.

My foundation in programming was very weak at the time. I lacked a deeper understanding of what he told me, and was really just repeating his steps. Without any concepts to bond his teachings to, I easily forgot his method.

Now, I am better at what I do and I want to establish in a simple Q&A the safest, most secure way to share data between winforms. That is, a method that keeps the data safe and secure, and can go from Form A to Form B, or Forms B, C, D... etc as I designate it, but does not leak out in any way.

To specify, I'm looking to share data between forms in the same application. Maybe some day I'll try to share data between processes, but right now I only care about the forms.

To make a more specific example, I am trying to pass the simple strings of name, versionNumber and lastEditDate from the Main form to an About form, the knowledge for this allowing me to have a bunch of static variables that I only have to change in one location of the code, that can be passed down to any form I desire. But I want a secure way to do this, just in case passing data between forms by defining globally is considered bad practice, or unsafe.

Recommended answer

So the reasoning that you have given for just having a lot of public static data is not correct. It is no more or less secure from malicious attempts of another process to access the information. It's in memory no matter what you do, so a malicious process (with sufficient privileges) can get at it no matter what, but they're likely to have a bit of a hard time of it no matter what as well. If you have a malicious process/user with that level of permissions you've already lost the fight; they can already do whatever they want.

The problems with storing all of your data in public static fields are merely a matter of effective development, not of actual security. When the data can be modified from anywhere in your entire program at any time it makes it extraordinarily hard to understand what's going on in the program at any one point in time, it makes bugs really hard to track down as there could be problems almost anywhere in the code, it makes bringing in new developers to a project really hard because they can't just open up a class or two and understand them, they need to understand the entire application to be able to reason correctly about what's going on in any one part, due to the high level of coupling in your application.

You should strive to reduce coupling of various modules in your application by keeping the data more localized. This allows a developer to look at a single module (whether that be a form, a user control, some worker class, etc.) and only need to understand that class in front of them without needing to understand every single point in the entire application that also touches the same variables.

You also need to be very concerned about threading issues when you're accessing public static variables from multiple threads, since you almost certainly are going to require multiple threads in a winform application.

Finally, if you're storing all of your data statically it means that you'll never be able to have multiple instances of your forms. Most forms that you'll write, from a logical perspective, shouldn't require that there never be more than one of them in an application. If their data is localized to just them there isn't any problem creating a second form. If all of the data is static, then the forms will end up fighting with each other over that data.

As for how to accomplish this, the primary goal here should be to keep data scoped as narrowly as you are able to (which is something that you should generally strive for throughout all types of programming) without allowing variables to be accessible in places where they don't need to be accessed.

The case you've described is a fairly straightforward problem to solve. If a form is creating another form that needs some data upon construction, if that data is essential to the use of that other form then just create parameters in the constructor for that data. The form (or whatever else) creating it can then pass in that required data. If the data isn't required, or it isn't required right at construction, then the other option is to have properties that allow the "owner" of that form to pass in the data that is needed. Doing this isn't really any more complex than creating a public static field; it's simply creating a public non-static property.

Now that this data isn't static you know that, rather than being accessed from anywhere, that information is going to be provided from whoever is "owning" that particular instance of the form. You're limiting the scope of where the data can be accessed to the place that needs it, and the place that has it, rather than "everywhere".
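
The constructor-parameter and property approach described in the answer, shown as an added example that is not part of the original answer. The `AppInfo` type, the `Notes` property, the form class names and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Windows.Forms;

// Immutable bundle of the values the About form needs (hypothetical type).
public sealed class AppInfo
{
    public string Name { get; }
    public string VersionNumber { get; }
    public string LastEditDate { get; }
    public AppInfo(string name, string versionNumber, string lastEditDate)
    {
        Name = name; VersionNumber = versionNumber; LastEditDate = lastEditDate;
    }
}

public sealed class AboutForm : Form
{
    private readonly Label notes = new Label { AutoSize = true, Left = 12, Top = 80 };
    // Essential data is a constructor parameter; the form holds no static state.
    public AboutForm(AppInfo info)
    {
        if (info == null) throw new ArgumentNullException(nameof(info));
        Text = "About " + info.Name;
        Controls.Add(new Label { AutoSize = true, Left = 12, Top = 12,
            Text = $"{info.Name}\nVersion {info.VersionNumber}\nLast edited {info.LastEditDate}" });
        Controls.Add(notes);
    }
    // Optional data: a public non-static property set by whoever owns this instance.
    public string Notes { get { return notes.Text; } set { notes.Text = value; } }
}

public sealed class MainForm : Form
{
    // Private, read-only, per-instance: defined once, visible only to MainForm.
    private readonly AppInfo info = new AppInfo("DemoApp", "1.0.0", "2024-01-01"); // constructed sample values

    public MainForm()
    {
        var aboutButton = new Button { Text = "About", Left = 12, Top = 12 };
        aboutButton.Click += (s, e) =>
        {
            using (var about = new AboutForm(info) { Notes = "Opened from MainForm" })
                about.ShowDialog(this);
        };
        Controls.Add(aboutButton);
    }

    [STAThread]
    private static void Main() { Application.Run(new MainForm()); }
}
```

Because `AppInfo` has no setters, a form that receives it can read the values but cannot change them for any other form.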
