使用TidHTTPServer服务GET请求的安全方法 [英] Using TidHTTPServer to serve GET request the safe way
问题描述
我有一个包含许多服务的类,这些服务基本上可以调用数据库连接(DBISAM或通过ZEOS)。
I have a class with many services that basically call Database connections (DBISAM or via ZEOS).
我正在使此类在Web服务中可用,例如使用TidHTTPServer。我从中使用OnCommandGet事件,并使用ARequestInfo:TIdHTTPRequestInfo; AResponseInfo:TIdHTTPResponseInfo发出请求和结果。
I am makinge this class available in a webservice like using TidHTTPServer. I am using the OnCommandGet Event from it and use the ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo to make the requests and results.
我创建了一个TObjectList来保存与此服务类相关的每个客户端的实例。创建数据库连接并为每次调用释放该连接,以免出现线程问题。
I have created a TObjectList to hold an instance of each client related to this service class. The connection to the database is created and freed for every call done, in a hope to not have thread problems.
我想知道这是否是正确的方法。我没有使用来自TidHTTPServer的会话。在每个服务请求中,我都会在TObjectList上找到存储与该连接有关的信息的对象。
I want to know if this is the proper way. I am not using session from the TidHTTPServer. Upon each service request I find out the object on the TObjectList that stores the info related to that connection.
我查看了问题,但没有获得所需的所有信息。
I have looked over questions but I did not get all the information I need.
但是我不确定安全性,特别是当许多呼叫可以同时发生时。由于很难同时测试多个连接,因此我经常使用它,通常每次使用1个电话。
However I am not sure about the safety, specially when many calls can happen simultaneously. I have been using it regularly mostly 1 call per time, since is hard to test with many connections at same time.
我想知道这是否是正确的方法,否则,如何实现桥来安全地调用我的类(我在上创建了QueryActivity此类,模仿COM查询样式)传递请求并返回参数。
I want to know if this is the right approach, or if not, how can I implement a "bridge" to safely call my class (I have created a QueryActivity on this class, mimicking the COM query style) passing request and returning the parameters.
Delphi XE2-Indy 10.5.8
Delphi XE2 - Indy 10.5.8
推荐答案
Indy TCP服务器类(作为tTIdHTTPServer)可以选择分配特定于应用程序的上下文类。此类包含有关客户端的特定于连接的信息,并且可以使用自定义属性进行扩展以携带您的应用程序特定的信息。为此,请从TIdServerContext创建一个子类,然后将该类分配给服务器的ContextClass。
Indy TCP server classes (as tTIdHTTPServer) have the option to assign a application-specific context class. This class contains connection-specific information about the client and can be extended with custom properties to carry your application specific information. To do this, create a subclass from TIdServerContext, and assign the class to the server's ContextClass.
如果请求之间的连接保持活动状态(建议这样做可以节省资源) ,此上下文将在其生命周期内保留特定于应用程序的客户端信息。
If the connection is kept alive between requests (which is recommended to save resources), this context will keep the application-specific client information for its lifetime.
Indy还允许迭代所有已连接的连接上下文的列表,例如,以支持广播消息,或收集信息。
Indy also allows to iterate the list of all connected connection context, for example to support broadcast messages, or to collect information.
Stackoverflow示例:
Examples on Stackoverflow:
这篇关于使用TidHTTPServer服务GET请求的安全方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
