Towards better serialization
Remi Forax
forax at univ-mlv.fr
Wed Jun 12 07:53:56 UTC 2019
Re-reading the proposal,
there is something I think is dangerous, the keyword "open" offers a false promise, it offers the possibility to consider the reified form of the data encoded in the serialization stream as something which is not "really" public.
Once an instance is serialized (by whatever serializers), it becomes public knowledge because you can always forge it. Trying to hide that is IMO an error.
Rémi
----- Original Message -----
> From: "Brian Goetz" <brian.goetz at oracle.com>
> To: "amber-dev" <amber-dev at openjdk.java.net>
> Sent: Tuesday, 11 June 2019 21:21:19
> Subject: Towards better serialization
> I've posted a document at:
>
> http://cr.openjdk.java.net/~briangoetz/amber/serialization.html
>
> on an exploration we've been doing to address some of the shortcomings
> of Java serialization, building on other tools that have been (or will
> be) added to the platform. Rather than attempt to add band-aids on
> existing serialization, it addresses the risks of serialization at their
> root. It is somewhat of a shift -- it cannot represent all object
> graphs, and it makes some additional work for the author -- but it
> brings object serialization into the light, where it needs to be in
> order to be safer. This is an early draft; questions, and constructive
> feedback on the approach, are welcome.