为什么反射可以在C#中访问类的受保护/私有成员?
[英]Why can reflection access protected/private member of class in C#?
问题描述
Why can reflection access protected/private member of class in C#? 
为什么反射可以在C#中访问类的受保护/私有成员?
Is this not safe for the class, why is reflection given such power? 这对于全班来说是不安全的,为什么反思会给予这种力量? Is this an anti-pattern ? 这是反模式吗?
3 个解决方案
解决方案1
22 2010-01-18 07:06:05
Member accessibility is not a security feature. 成员辅助功能不是安全功能。 It is there to protect the programmer against himself or herself. 它是为了保护程序员免受他或她自己的伤害。 It helps implementing encapsulation but it is by no means a security feature. 它有助于实现封装,但它绝不是安全功能。
Reflection is tedious enough to use so that people normally don't go out of their way to use it to access non-public members. 反思是冗长乏味的,因此人们通常不会自愿使用它来访问非公共成员。 It's also quite slow. 它也很慢。 Reflection is normally used in special cases only. 反射通常仅用于特殊情况。 However, nothing can protect completely against human stupidity, if someone wants to abuse reflection he can easily do it, but even without the reflection API, they can achieve the same thing (if they're running in full trust, that is) if they are determined enough. 然而,没有什么可以完全保护人类的愚蠢,如果有人想滥用反思,他可以很容易地做到,但即使没有反射API,他们也可以实现同样的事情(如果他们完全信任,那就是)如果他们足够坚定了。
解决方案2
19 已采纳 2010-01-18 07:02:59
This is necessary for scenarios such as remoting, serialization, materialization, etc. You shouldn't use it blindly, but note that these facilities have always been available in any system (essentially, by addressing the memory directly). 这对于远程处理,序列化,物化等场景是必要的。您不应盲目使用它,但请注意,这些设施始终可用于任何系统(实际上,通过直接寻址内存)。 Reflection simply formalises it, and places controls and checks in the way - which you aren't seeing because you are presumably running at "full trust", so you are already stronger than the system that is being protected. 反思简单地将其形式化,并将控制和检查放在路上 - 您没有看到它,因为您可能正在以“完全信任”运行,因此您已经比受保护的系统更强大。
If you try this in partial trust, you'll see much more control over the internal state. 如果您在部分信任中尝试此操作,您将看到对内部状态的更多控制。
Is it an anti-pattern?
Only if your code uses it inappropriately. 仅当您的代码使用不当时。 For example, consider the following (valid for a WCF data-contract): 例如,请考虑以下内容(对WCF数据协定有效):
[DataMember]
private int foo;
public int Foo { get {return foo;} set {foo = value;} }
Is it incorrect for WCF to support this? WCF支持这个是不正确的吗? I suspect not... there are multiple scenarios where you want to serialize something that isn't part of the public API, without having a separate DTO. 我怀疑没有...有多种情况下你想要序列化不属于公共API的东西,而没有单独的DTO。 Likewise, LINQ-to-SQL will materialize into private members if you so elect. 同样,如果您选择,LINQ-to-SQL将实现为私有成员。
解决方案3
-1 2010-01-18 07:11:06
Reflection is absolute necessary for a debugger. 反射对于调试器来说是绝对必要的。 Imagine that you are stepping through your program and unable to see values of your private variables. 想象一下,您正在单步执行程序,无法查看私有变量的值。 That's probably the reason why reflection works in .NET and Java the way it works, to make debugging really easy. 这可能就是为什么反射在.NET和Java中工作的原因,使调试变得非常简单。
If we wouldn't need debuggers, then I can imagine that reflection would be restricted more in the spirit of OOP . 如果我们不需要调试器,那么我可以想象反射将更多地受到OOP精神的限制。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.