java - 为什么这被认为是不安全的?
问题描述
最近,我用 Java MVC 框架编写了一个简单的游戏,一位高级程序员在审查时告诉我,使用 score 是不安全的,它的 getter 和 setter 在玩家模型本身中定义。不幸的是,我无法从他们那里获得更多信息,说明它是如何以及为什么看起来如此,我无法弄清楚为什么。
有人可以查看这些类并指出为什么这种架构不可取吗?
播放器型号:
public class player implements Comparable<player>{
private int score;
private int consecutive_misses;
private String name;
private int foul_count;
private int turn;
private boolean win;
public player()
{
this.score=0;
this.consecutive_misses=0;
this.foul_count=0;
this.win=false;
}
public void setWin(boolean win)
{
this.win=win;
}
public boolean getWin()
{
return this.win;
}
public void setPlayerName(String name)
{
this.name=name;
}
public void setTurn(int turn)
{
this.turn=turn;
}
public int getTurn()
{
return this.turn;
}
public void addScore(int score)
{
this.score+=score;
}
public String getName()
{
return this.name;
}
public int getScore(){
return this.score;
}
public void resetFoulCount() {
this.foul_count = 0;
}
public void incrementFoulCount() {
this.foul_count++;
}
public int getFoulCount()
{
return this.foul_count;
}
public void resetConsecutiveMisses() {
this.consecutive_misses = 0;
}
public void incrementConsecutiveMisses() {
this.consecutive_misses++;
}
public int getConsecutiveMisses()
{
return this.consecutive_misses;
}
public int compareTo(player comparePlayer)
{
int compareScore=((player) comparePlayer).getScore();
return compareScore-this.score;
}
}```
the main game model class where i implemented player model
package com.tiffany.CleanStrike_1.models;
import java.util.HashMap;
import java.util.Map;
public class gameModel {
private int player_count;
private player[] players;
private player current_player;
private player winner=new player();
private gameState game_state;
private boolean draw=false;
private carromBoard carrom_board;
public gameModel(int player_count,int black_coin_count,int red_coin_count,int black_val,int red_val)
{
this.game_state=gameState.DORMANT;
this.players=new player[player_count];
for(int i=0;i<player_count;i++)
{
this.players[i]=new player();
}
this.setPlayerCount(player_count);
Coin black_coin=new Coin(CoinColour.BLACK,black_val);
carrom_board=new carromBoard();
this.carrom_board.addCoin(black_coin,black_coin_count);
Coin red_coin=new Coin(CoinColour.RED,red_val);
this.carrom_board.addCoin(red_coin,red_coin_count);
}
public int getNoOfCoins(CoinColour colour)
{
Map<Coin,Integer> coins=new HashMap<Coin,Integer>();
coins=this.getCoinsOnBoard();
for(Coin coin: coins.keySet())
{
if(coin.getColour()==colour)
return coins.get(coin);
}
return 0;
}
public void setPlayerName(int i,String name)
{
this.players[i].setPlayerName(name);
}
public void setGameDraw()
{
this.draw=true;
}
public boolean getGameDraw()
{
return this.draw;
}
public void setGameState(gameState game_s)
{
this.game_state=game_s;
}
public gameState getGameState()
{
return this.game_state;
}
public int getCountOfAllCoins()
{
return this.carrom_board.getCountOfAllCoins();
}
public int getCoinValue(CoinColour colour)
{
for ( Coin coin : this.carrom_board.getCoins().keySet() ) {
if(coin.getColour()==colour) {
return coin.getValue();
}
}
return 0;
}
public void setWinner(player w)
{
this.winner=w;
}
public player getWinner()
{
return this.winner;
}
public void setCurrentPlayer(player p)
{
this.current_player=p;
}
public player getCurrentPlayer()
{
return this.current_player;
}
public void setPlayerCount(int count)
{
this.player_count=count;
}
public int getPlayerCount()
{
return this.player_count;
}
public Map<Coin,Integer> getCoinsOnBoard()
{
return this.carrom_board.getCoins();
}
public void removeCoin(CoinColour colour,int count)
{
this.carrom_board.removeCoin(colour, count);
}
public player[] getPlayers()
{
return this.players;
}
}
解决方案
一个类不应该暴露它的内部结构。通过暴露其内部结构,它违反了许多法律,例如德墨忒耳法则,其他职业可以利用这种情况并设置他们想要的任何分数。您可以在 Clean Code 一书中了解更多相关信息。
推荐阅读
- batch-file - 批量转到 if 语句
- python - m5/objects/__init__.py 文件 gem5 中发生了什么
- c# - JsonConvert.DeserializeObject 文件转换成模型类 web api .net core
- typescript - 使用打字稿时 html-webpack-plugin 上的错误太多
- python - 如何在 Databricks 笔记本中获取运行参数和 runId?
- c# - 将两种不同的类型组合成一个 linq 查询并对其进行排序
- android-studio - Flutter中复选框的OnChanged状态
- javascript - 这个 for 循环在 Javascript 中是如何工作的?
- rules - 将剪辑中的值存储到变量中
- html - 加密的 R Markdown HTML 文件不显示图表?