在NodeJS中使用和更新全局变量是否安全？ [英] Is it safe to use and update global variables in NodeJS?

问题描述

我有一个节点服务器用于加载某些可以被任何人编写的脚本。我明白，当我启动我的节点服务器时，模块首次在全局范围内加载。当一个人请求一个页面时，它会被启动服务器回调加载;并且我可以根据请求使用所有已加载的模块。但我没有遇到一个脚本，其中全局变量在请求时间内发生了变化，并影响了进程中的每一个其他实例（也许有）。

我的问题是，就服务器崩溃而言，它是如何安全地改变全球数据的？另外，假设我已经编写了一个适当的锁定机制，可以在很短的时间内暂停所有实例的服务器，直到正确的数据加载完成。

解决方案

Node.js是单线程的。所以两个独立的请求不可能同时改变一个全局变量。因此，从理论上讲，这是安全的。

然而，如果您要做的事情就像将用户A的数据临时保存在一个变量中，然后当用户A稍后提交另一个请求时，请使用变量请注意，用户B可能会在可能改变用户A的数据之间发出请求。

对于这种情况，在数组或对象中保留全局值是分离用户数据的一种方式。另一种策略是使用闭包，这是在回调密集型或面向事件/承诺的库（如socket.io）中的常见做法。

当谈到多线程或多处理，像节点的内置集群模块那样的消息传递样式API具有相同的保证不会破坏全局变量，因为每个进程都有它自己的全局变量。有几个多线程模块实现类似 - 每个线程一个节点实例。然而，共享内存风格的API不能做出这样的保证，因为每个线程现在都是一个真正的操作系统线程，它可能会抢占对方并打破其他内存。因此，如果您决定尝试其中一个多线程模块，请注意这个问题。

使用消息传递可以实现假共享内存 - 有点就像我们用ajax或socket.io做的那样。所以我会亲自避免使用共享内存样式的多线程，除非我真的需要合作处理一个非常大的数据集，这会让消息传递体系结构停滞不前。

然后再一次，请记住，网络是一个巨大的消息传递体系结构，消息是HTML，XML和json。所以消息传递扩展到Google大小。

I have a node server for loading certain scripts that can be written by anyone. I understand that when I fire up my Node server, modules load for the first time in the global scope. When one requests a page, it gets loaded by the "start server" callback; and I can use all the already loaded modules per request. But I haven't encountered a script where global variables get changed during request time and affects every single other instance in the process (maybe there is).

My question is, how safe is it, in terms of server crashing, to alter the global data? Also, suppose that that I have written a proper locking mechanism that will "pause" the server for all instances for a very short amount of time until the proper data is loaded.

解决方案

Node.js is single threaded. So it's impossible for two separate requests to alter a global variable simultaneously. So in theory, it's safe.

However, if you're doing stuff like keep user A's data temporarily in a variable and then when user A later submits another request use that variable be aware that user B may make a request in between potentially altering user A's data.

For such cases keeping global values in arrays or objects is one way of separating user data. Another strategy is to use a closure which is a common practice in callback-intensive or event/promise oriented libraries such as socket.io.

When it comes to multithreading or multiprocessing, message passing style API like node's built-in cluster module has the same guarantees of not clobbering globals since each process have its own global. There are several multithreading modules that's implemented similarly - one node instance per thread. However, shared memory style APIs can't make such guarantees since each thread is now a real OS thread which may preempt each other and clobber each others memory. So if you ever decide to try out one of the multithreading modules, be aware of this issue.

It is possible to implement fake shared memory using message passing though - sort of like how we do it with ajax or socket.io. So I'd personally avoid shared memory style multithreading unless I really, really need to cooperatively work on a very large dataset that would bog down message passing architectures.

Then again, remember, the web is a giant message passing architecture with the messages being HTML and XML and json. So message passing scales to Google size.

这篇关于在NodeJS中使用和更新全局变量是否安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！