Is it good practices use global variable in huge project that are require more security (some where i read that is not DRY) if no then please explain why? Thanx in advance
在一个需要更多安全性的大型项目中使用全局变量(一些我读到的不是DRY的)是否很好,如果没有,请解释为什么?谢谢提前
1 个解决方案
#1
4
Regardless of where global variables are used, they are generally bad.
不管在哪里使用全局变量,它们通常都是不好的。
Why Global Variables Should Be Avoided When Unnecessary
为什么在不必要的时候应该避免全局变量
- Non-locality -- Source code is easiest to understand when the scope of its individual elements are limited. Global variables can be read or modified by any part of the program, making it difficult to remember or reason about every possible use.
- 非局部性——当其单个元素的范围受到限制时,源代码是最容易理解的。全局变量可以由程序的任何部分来读取或修改,使其难以记住或解释任何可能的使用。
- No Access Control or Constraint Checking -- A global variable can be get or set by any part of the program, and any rules regarding its use can be easily broken or forgotten. (In other words, get/set accessors are generally preferable over direct data access, and this is even more so for global data.) By extension, the lack of access control greatly hinders achieving security in situations where you may wish to run untrusted code (such as working with 3rd party plugins).
- 没有访问控制或约束检查——一个全局变量可以由程序的任何部分获得或设置,任何有关其使用的规则都很容易被破坏或被遗忘。(换句话说,get/set访问器通常比直接数据访问更可取,对于全局数据更是如此。)通过扩展,缺少访问控制极大地阻碍了在您可能希望运行不受信任的代码(比如使用第三方插件)的情况下实现安全性。
- Implicit coupling -- A program with many global variables often has tight couplings between some of those variables, and couplings between variables and functions. Grouping coupled items into cohesive units usually leads to better programs.
- 隐式耦合——带有许多全局变量的程序通常在这些变量之间具有紧密的耦合,并且在变量和函数之间具有耦合。将耦合的项目分组到聚合单元通常会导致更好的程序。
- Concurrency issues -- if globals can be accessed by multiple threads of execution, synchronization is necessary (and too-often neglected). When dynamically linking modules with globals, the composed system might not be thread-safe even if the two independent modules tested in dozens of different contexts were safe.
- 并发性问题——如果全局变量可以被多个执行线程访问,那么同步是必要的(而且常常被忽略)。当动态地将模块与全局变量链接时,即使在几十个不同的上下文中测试的两个独立模块是安全的,组成的系统也可能不是线程安全的。
- Namespace pollution -- Global names are available everywhere. You may unknowingly end up using a global when you think you are using a local (by misspelling or forgetting to declare the local) or vice versa. Also, if you ever have to link together modules that have the same global variable names, if you are lucky, you will get linking errors. If you are unlucky, the linker will simply treat all uses of the same name as the same object.
- 名称空间污染——全球名称随处可见。当您认为正在使用本地语言时(通过拼写错误或忘记声明本地语言),您可能会在不知不觉中使用全局语言,反之亦然。此外,如果您需要将具有相同全局变量名的模块链接在一起,如果幸运的话,您将会得到链接错误。如果你不走运,链接器只会把所有使用相同名称的用户都当作相同的对象。
- Memory allocation issues -- Some environments have memory allocation schemes that make allocation of globals tricky. This is especially true in languages where "constructors" have side-effects other than allocation (because, in that case, you can express unsafe situations where two globals mutually depend on one another). Also, when dynamically linking modules, it can be unclear whether different libraries have their own instances of globals or whether the globals are shared.
- 内存分配问题——有些环境有内存分配方案,使全局分配变得棘手。在“构造函数”除了分配之外还有其他副作用的语言中尤其如此(因为在这种情况下,您可以表示两个全局变量相互依赖的不安全情况)。此外,当动态链接模块时,可能不清楚不同的库是否有自己的全局变量实例,或者是否共享全局变量。
- Testing and Confinement - source that utilizes globals is somewhat more difficult to test because one cannot readily set up a 'clean' environment between runs. More generally, source that utilizes global services of any sort (e.g. reading and writing files or databases) that aren't explicitly provided to that source is difficult to test for the same reason. For communicating systems, the ability to test system invariants may require running more than one 'copy' of a system simultaneously, which is greatly hindered by any use of shared services - including global memory - that are not provided for sharing as part of the test.
- 测试和限制——使用全局变量的源更难于测试,因为在运行之间不能很容易地建立一个“干净”的环境。更一般地说,使用任何类型的全局服务(例如读和写文件或数据库)而没有显式地提供给该源的源很难进行同样的测试。对于通信系统,测试系统不变量的能力可能需要同时运行一个系统的多个“副本”,这极大地阻碍了共享服务(包括全局内存)的使用,而共享服务是作为测试的一部分不提供的。
#1
4
Regardless of where global variables are used, they are generally bad.
不管在哪里使用全局变量,它们通常都是不好的。
Why Global Variables Should Be Avoided When Unnecessary
为什么在不必要的时候应该避免全局变量
- Non-locality -- Source code is easiest to understand when the scope of its individual elements are limited. Global variables can be read or modified by any part of the program, making it difficult to remember or reason about every possible use.
- 非局部性——当其单个元素的范围受到限制时,源代码是最容易理解的。全局变量可以由程序的任何部分来读取或修改,使其难以记住或解释任何可能的使用。
- No Access Control or Constraint Checking -- A global variable can be get or set by any part of the program, and any rules regarding its use can be easily broken or forgotten. (In other words, get/set accessors are generally preferable over direct data access, and this is even more so for global data.) By extension, the lack of access control greatly hinders achieving security in situations where you may wish to run untrusted code (such as working with 3rd party plugins).
- 没有访问控制或约束检查——一个全局变量可以由程序的任何部分获得或设置,任何有关其使用的规则都很容易被破坏或被遗忘。(换句话说,get/set访问器通常比直接数据访问更可取,对于全局数据更是如此。)通过扩展,缺少访问控制极大地阻碍了在您可能希望运行不受信任的代码(比如使用第三方插件)的情况下实现安全性。
- Implicit coupling -- A program with many global variables often has tight couplings between some of those variables, and couplings between variables and functions. Grouping coupled items into cohesive units usually leads to better programs.
- 隐式耦合——带有许多全局变量的程序通常在这些变量之间具有紧密的耦合,并且在变量和函数之间具有耦合。将耦合的项目分组到聚合单元通常会导致更好的程序。
- Concurrency issues -- if globals can be accessed by multiple threads of execution, synchronization is necessary (and too-often neglected). When dynamically linking modules with globals, the composed system might not be thread-safe even if the two independent modules tested in dozens of different contexts were safe.
- 并发性问题——如果全局变量可以被多个执行线程访问,那么同步是必要的(而且常常被忽略)。当动态地将模块与全局变量链接时,即使在几十个不同的上下文中测试的两个独立模块是安全的,组成的系统也可能不是线程安全的。
- Namespace pollution -- Global names are available everywhere. You may unknowingly end up using a global when you think you are using a local (by misspelling or forgetting to declare the local) or vice versa. Also, if you ever have to link together modules that have the same global variable names, if you are lucky, you will get linking errors. If you are unlucky, the linker will simply treat all uses of the same name as the same object.
- 名称空间污染——全球名称随处可见。当您认为正在使用本地语言时(通过拼写错误或忘记声明本地语言),您可能会在不知不觉中使用全局语言,反之亦然。此外,如果您需要将具有相同全局变量名的模块链接在一起,如果幸运的话,您将会得到链接错误。如果你不走运,链接器只会把所有使用相同名称的用户都当作相同的对象。
- Memory allocation issues -- Some environments have memory allocation schemes that make allocation of globals tricky. This is especially true in languages where "constructors" have side-effects other than allocation (because, in that case, you can express unsafe situations where two globals mutually depend on one another). Also, when dynamically linking modules, it can be unclear whether different libraries have their own instances of globals or whether the globals are shared.
- 内存分配问题——有些环境有内存分配方案,使全局分配变得棘手。在“构造函数”除了分配之外还有其他副作用的语言中尤其如此(因为在这种情况下,您可以表示两个全局变量相互依赖的不安全情况)。此外,当动态链接模块时,可能不清楚不同的库是否有自己的全局变量实例,或者是否共享全局变量。
- Testing and Confinement - source that utilizes globals is somewhat more difficult to test because one cannot readily set up a 'clean' environment between runs. More generally, source that utilizes global services of any sort (e.g. reading and writing files or databases) that aren't explicitly provided to that source is difficult to test for the same reason. For communicating systems, the ability to test system invariants may require running more than one 'copy' of a system simultaneously, which is greatly hindered by any use of shared services - including global memory - that are not provided for sharing as part of the test.
- 测试和限制——使用全局变量的源更难于测试,因为在运行之间不能很容易地建立一个“干净”的环境。更一般地说,使用任何类型的全局服务(例如读和写文件或数据库)而没有显式地提供给该源的源很难进行同样的测试。对于通信系统,测试系统不变量的能力可能需要同时运行一个系统的多个“副本”,这极大地阻碍了共享服务(包括全局内存)的使用,而共享服务是作为测试的一部分不提供的。