Security and High-Availability Strategy

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"一、安全"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一、組件原則(指導性)"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"軟件的複雜度和它的規模成指數關係"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    一個複雜度爲100的軟件系統,如果能拆分成兩個互補相關,同等規模的子系統,那麼每個子系統的複雜度應該是25,而不是50。軟件開發這個行業很久之前就形成了一個共識,應該將複雜的軟件系統進行拆分,拆成多個更低複雜度的子系統,子系統還可以繼續拆分成更小粒度的組件。也就是說,軟件需要進行模塊化,組件化設計。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"組件內聚原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    組件內聚原則主要討論哪些類應該聚合在同一個組件中,以便組件既能提供相對完整的功能,又不至於太過龐大。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    複用發佈等同原則 ,共同封閉原則,共同複用原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"複用發佈等同原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   
複用發佈等同原則是說軟件複用的最小粒度應該等同於其發佈的最小粒度。也就是說,如果你希望別人以怎樣的粒度複用你的軟件,你就應該以怎樣的粒度發佈你的軟件。這其實就是組件的定義,組件的軟件複用和發佈的最小粒度軟件單元。這個粒度既是複用的粒度,也是發佈的粒度。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   版本號約定建議:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     版本號格式: 主版本號.次版本號.修訂號。比如 1.3.12, 在這個版本號中,主版本號是1,次版本號是3,修訂號是12。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     1.主版本號升級,表示組件發生了不向前兼容的重大修訂;"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     2.次版本號升級,表示組件進行了重要的功能修訂或者bug修復,但是組件是向前兼容的;"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     3.修訂號升級,表示組件進行了不重要的功能修訂或者bug修復"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  共同封閉原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"         共同封閉原則是說,我們應該將那些會同時修改,並且爲了相同目的而修改的類放到同一個組件中。而將不會同時修改,並且不會爲了相同目的而修改的類放到不同的組件中。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"         
組件的目的雖然是爲了複用,然而開發中常常引發問題,恰恰在於組件本身的可維護性。如果組件在自己的生命週期中必須經歷各種變更,那麼最好不要涉及其它組件,相關的變更都在同一個組件中。這樣,當變更發生的時候,只需要重新發布這個組件就可以了,而不是將一大堆組件都收到牽連。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  共同複用原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      共同複用原則是說,不要強迫一個組件的用戶依賴他們不需要的東西。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      這個原則一方面是說,我們應該將互相依賴,共同複用的類放在一個組件中。比如說,一個數據結構容器組件,提供數組、Hash表等各種數據結構容器,那麼對數據結構遍歷的類,排序的類也應該放在這個組件中,以使這個組件中的類公共對外提供服務。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      另一個方面,這個原則也說明,如果不是被共同依賴的類,就不應該放在同一個組件中,如果不被依賴的類發生變更,就會引起組件變更,進而引起使用組件的程序發生變更。這樣就會導致組件的使用者產生不必要的困擾,甚至討厭使用這樣的組件,也造成了組件複用的困難。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"組件耦合原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    組件內聚原則討論的是組件應該包含哪些功能和類,而組件耦合原則討論組件之間的耦合關係應該如何設計。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    無循環依賴原則 
,穩定依賴原則,穩定抽象原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   無循環依賴原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       組件依賴關係中不應該出現環,如果組件A依賴組件B,組件B依賴組件C,組件C又依賴組件A,就形成了循環依賴。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       很多時候,循環依賴是在組件的變更過程中逐漸形成的,組件A版本1.0依賴組件 B 版本1.0,後來組件 B 升級到1.1,升級的某個功能依賴組件A的1.0版本,於是形成了循環依賴。如果鑽設計的邊界不清晰,組件開發設計缺乏評審,開發中之關注自己開發的組件,整個項目對組件依賴管理沒有統一的規則,很有可能出現循環依賴。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   穩定依賴原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      組件的依賴關係必須指向更穩定的方向。較少變更的組件是穩定的,也就是說,經常變更的組件是不穩定的。根據穩定依賴原則,不穩定的組件應該依賴穩定的組件,而不是反過來。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      反過來說,如果一個組件被更多的組件依賴,那麼它需要相對是穩定的,因爲想要變更一個被很多組件依賴的組件,本身就是一件困難的事。相對應的,如果一個組件依賴了很多的組件,那麼它相對也是不穩定的,因爲它依賴的任何組件變更,都可能導致自己的變更。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     
"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      穩定依賴原則通俗的說就是,組件不應該依賴一個比自己還不穩定的組件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   穩定抽象原則"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      一個組件的抽象化程度應該於其穩定性程序一致。也就是說,一個穩定的組件應該是抽象的,而不穩定的組件應該是具體的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      這個原則對具體開發的指導意義就是: 如果你設計的組件是具體的、不穩定的,那麼可以爲這個組件對外提供服務的類設計一組接口,並把這組接口封裝在一個專門的組件中,那麼這個組件相對就是比較抽象、穩定。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      Java中的JDBC就是這樣一個例子,我們開發應用程序的時候只需要使用JDBC的接口編程就可以了,而發佈應用的時候,我們制定具體的實現組件,可以是MySQL實現的JDBC組件,也可以是Oracle實現的JDBC組件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   組件的邊界與依賴關係,不僅僅是技術問題"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  
組件的邊界與依賴關係劃分,不僅需要考慮技術穩定,也要考慮業務場景問題。易變與穩定,依賴於被依賴,都需要放在業務場景中去考察。有的時候,甚至不只是技術和業務的問題,還需要考慮人的問題,在一個負載的組織中,組件的依賴和設計。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"二、安全架構"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有一種架構師叫做安全架構師,它平時不用參與什麼開發。但是要時時刻刻的去關注系統的安全。當被攻擊的時候有沒有信息泄漏。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在各種情況下每天都要去監控,每天要去提安全報告。發現代碼中的問題,信息安全中的問題。被攻擊的時候要想好策略。做一些"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相關的準備。安全架構師要專職的去做。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理性能的架構師每天注意性能,瓶頸點在哪裏。定時的去出報告。寫方案,評估方案,把這個方案融入到日常的開發中。把它執行了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"架構師可以入手的點,比如 系統架構師,他關注的是整個的系統如何拆分。還可以從性能和安全入手,從可用性入手,從分佈式入手。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從代碼重構,從DDD領域分析 入手,這些都是可以入手的點 
,只要把這些其中的一個點做好了也是一個方面的架構師。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當團隊稍微有點兒規模的時候,每一個領域都需要一個專門的人去做。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"XSS攻擊"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"see "},{"type":"link","attrs":{"href":"https://zhuanlan.zhihu.com/p/26177815","title":null},"content":[{"type":"text","text":"https://zhuanlan.zhihu.com/p/26177815"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"XSS是跨站腳本攻擊(Cross Site Scripting),爲不和層疊樣式表(Cascading Style Sheets, CSS)的縮寫混淆,故將跨站腳本攻擊縮寫爲XSS。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"惡意攻擊者往Web頁面裏插入惡意Script代碼,當用戶瀏覽該頁之時,嵌入其中Web裏面的Script代碼會被執行,從而達到惡意攻擊用戶的目的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  XSS的危害"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     
XSS的攻擊方式就是想辦法“教唆”用戶的瀏覽器去執行一些這個網頁中原本不存在的前端代碼。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      可以乾的壞事還有很多,比如 "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       1.竊取網頁瀏覽中的cookie值 document.cookie"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       2.劫持流量實現惡意跳轉  在留言板等地方插入 "},{"type":"text","marks":[{"type":"strong"}],"text":""},{"type":"text","text":"window.location.href"},{"type":"text","marks":[{"type":"strong"}],"text":"="},{"type":"text","text":"\""},{"type":"link","attrs":{"href":"http://www.baidu.com/","title":null},"content":[{"type":"text","text":"http://www.baidu.com"}]},{"type":"text","text":"\";"},{"type":"text","marks":[{"type":"strong"}],"text":""}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 核心防禦手段:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       消毒: XSS攻擊者一般都是通過在請求中嵌入惡意腳本達到攻擊目的,這些腳本是一般用戶輸入中不使用的,如果進行過濾和消毒處理,即"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"       對某些HTML危險字段轉義,如”>”轉義爲 “&gt”、”
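
An added example (not part of the original page) of the escaping described under the core defenses: a message-board renderer that concatenates comments into markup as-is, next to one that encodes every untrusted field at the point of output. The function names `escapeHtml`, `renderCommentUnsafe`, `renderComment` and `renderBoard`, and the sample comments, are constructed for illustration.

```javascript
// Characters that can change how an HTML parser reads text or a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text for an HTML text node or a quoted attribute value.
// One pass over the input, so an '&' produced by the encoder is never re-encoded.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: fields are concatenated into markup unchanged,
// so tags or quotes inside them become part of the page structure.
function renderCommentUnsafe(comment) {
  return '<li title="' + comment.author + '">' + comment.body + '</li>';
}

// Hardened rendering: both the attribute value and the body are encoded.
function renderComment(comment) {
  return '<li title="' + escapeHtml(comment.author) + '">' +
    escapeHtml(comment.body) + '</li>';
}

// Render a whole board with the chosen per-comment renderer.
function renderBoard(comments, renderer) {
  return '<ul>' + comments.map(renderer).join('') + '</ul>';
}

// Constructed sample comments: ordinary text, the redirect string quoted in the
// text above wrapped in a script element, and an author name containing a quote.
const SAMPLE_COMMENTS = [
  { author: 'alice', body: 'Nice post, 1 < 2 & 3 > 2' },
  { author: 'mallory',
    body: '<script>window.location.href="http://www.baidu.com";</script>' },
  { author: 'eve" data-x="1', body: 'hi' },
];

console.log(renderBoard(SAMPLE_COMMENTS, renderCommentUnsafe));
console.log(renderBoard(SAMPLE_COMMENTS, renderComment));
```

The encoding is applied when the value is written into HTML, not when it is stored, so the stored comment stays unchanged and text that already looks encoded (such as a literal `&gt;`) is displayed exactly as the user typed it.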