问题
I'm trying to remember a lesson I was taught briefly in school about safely passing data between winforms.
My instructor called it pipelining, though I'm not sure if this is the correct term or merely his own name for it. He stated that his method was safer than the easiest way of publicizing the data so that everything can access it. He said it was safer because his method prevented access of the data from external programs or unrelated forms and processes, and he hailed it as good programming practice.
My foundation in programming was very weak at the time. I lacked a deeper understanding of what he told me, and was really just repeating his steps. Without any concepts to bond his teachings to, I easily forgot his method.
Now, I am better at what I do and I want to establish in a simple Q&A the safest, most secure way to share data between winforms. That is, a method that keeps the data safe and secure, and can go from Form A to Form B, or Forms B, C, D... etc as I designate it, but does not leak out in any way.
To specify, I'm looking to share data between forms in the same application. Maybe some day I'll try to share data between processes, but right now I only care about the forms.
To make a more specific example, I am trying to pass the simple strings of name versionNumber
and lastEditDate
from the Main
form to an About
form, the knowledge for this allowing me to have a bunch of static variables that I only have to change in one location of the code, that can be passed down to any form I desire. But I want a secure way to do this, just in case passing data between forms by defining globally is considered bad practice, or unsafe.
回答1:
So the reasoning that you have given for just having a lot of public static data is not correct. It is no more or less secure from malicious attempts of another processes to access the information. It's in memory no matter what you do, so a malicious process (with sufficient privileges) can get at it no matter what, but they're likely to have a bit of a hard time of it no matter what as well. If you have a malicious process/user with that level of permissions you've already lost the fight; they can already do whatever they want.
The problems with storing all of your data in public static fields is merely a matter of effective development, not of actual security. When the data can be modified from anywhere in your entire program at any time it makes it extraordinary hard to understand what's going on in the program at any one point in time, it makes bugs really hard to track down as there could be problems almost anywhere in the code, it makes bringing in new developers to a project really hard because they can't just open up a class or two and understand them, they need to understand the entire application to be able to reason correctly about what's going on in any one part, due to the high level of coupling in your application.
You should strive to reduce coupling of various modules in your application by keeping the data more localized. This allows a developer to look at a single module (whether that be a form, a user control, some worker class, etc.) and only need to understand that class in front of them without needing to understand every single point in the entire application that also touches the same variables.
You also need to be very concerned about threading issues when you're accessing public static variables from multiple threads, since you almost certainly are going to require multiple threads in a winform application.
Finally, if you're storing all of your data statically it means that you'll never be able to have multiple instances of your forms. Most forms that you'll write, from a logical perspective, shouldn't require that there never be more than one of them in an application. If their data is localized to just them there isn't any problem creating a second form. If all of the data is static, then the forms will end up fighting with each other over that data.
As for how to accomplish this, the primary goal here should be to keep data scoped as narrowly as you are able to (which is something that you should generally strive for throughout all types of programming) without allowing variables to be accessible in places where they don't need to be accessed.
The case you've described is a fairly straightforward problem to solve. If a form is creating another form that needs some data upon construction, if that data is essential to the use of that other form then just create parameters in the constructor for that data. The form (or whatever else) creating it can then pass in that required data. If the data isn't required, or it isn't required right at construction, then the other option is to have properties that allow the "owner" of that form to pass in the data that is needed. Doing this isn't really any more complex than creating a public static field; it's simply creating a public non-static property.
Now that this data isn't static you know that, rather than being accessed from anywhere, that information is going to be provided from whoever is "owning" that particular instance of the form. You're limiting the scope of where the data can be accessed to place that needs it, and the place that has it, rather than "everywhere".
回答2:
I usually declare my variable in program.cs in your situation, and reach it from anywhere as Program.xxx. but you need a non public way of reaching a variable...
Ahhaaa, another way is as following. when you create a form from another form. Write an overloaded contructor for second form, and pass parameters to that contructor. like:
Form2 frm = new Form2(myParameter);
来源:https://stackoverflow.com/questions/19319482/safest-way-to-pass-data-between-forms-in-c-sharp-winforms