Explicit Serialization API and Security

Peter Levart peter.levart at gmail.com
Tue Jan 6 15:06:28 UTC 2015


On 01/06/2015 04:03 PM, Peter Levart wrote:
> private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
>         ObjectInputStream.GetField fields = in.readFields(); // this already validates the types

Well, not true currently. But type validation could be added at this point.

Peter
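The check Peter says could be added "at this point", shown as an added example that is not code from this thread or from the JDK: a Serializable class whose readObject reads its fields through GetField and then verifies, for every non-primitive serial field, that the value in the stream is an instance of the locally declared field type, failing with InvalidObjectException before any field is assigned. The class name TypedPoint, its fields and the helper checkObjectFieldTypes are assumptions made for the illustration; the behaviour relied on (readFields() not checking object field types against the local declaration) is the one the message describes as current at the time.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamField;
import java.io.Serializable;

/*
 * Added example, not code from the mailing-list thread or the JDK.
 * Reads fields via GetField and performs the object-field type check
 * itself, since readFields() does not verify that an object field's
 * value is an instance of the locally declared field type.
 */
public final class TypedPoint implements Serializable {
    private static final long serialVersionUID = 1L;

    // Explicit serial schema: names and local types of the serialized fields.
    private static final ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("x", int.class),
        new ObjectStreamField("y", int.class),
        new ObjectStreamField("label", String.class),
    };

    private int x;
    private int y;
    private String label;

    public TypedPoint(int x, int y, String label) {
        this.x = x;
        this.y = y;
        this.label = label;
    }

    public int x() { return x; }
    public int y() { return y; }
    public String label() { return label; }

    private void writeObject(ObjectOutputStream out) throws IOException {
        ObjectOutputStream.PutField f = out.putFields();
        f.put("x", x);
        f.put("y", y);
        f.put("label", label);
        out.writeFields();
    }

    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        ObjectInputStream.GetField f = in.readFields();
        // The validation readFields() itself does not perform: every object
        // field value must be assignable to the locally declared field type.
        checkObjectFieldTypes(f, ObjectStreamClass.lookup(TypedPoint.class).getFields());
        x = f.get("x", 0);
        y = f.get("y", 0);
        label = (String) f.get("label", (Object) null);
    }

    /** Rejects the stream if any object field holds a value of the wrong type. */
    private static void checkObjectFieldTypes(ObjectInputStream.GetField f,
                                              ObjectStreamField[] fields)
            throws IOException, ClassNotFoundException {
        for (ObjectStreamField field : fields) {
            if (field.isPrimitive()) {
                continue; // primitive type codes are matched against the stream descriptor already
            }
            Object value = f.get(field.getName(), (Object) null);
            if (value != null && !field.getType().isInstance(value)) {
                throw new InvalidObjectException("field '" + field.getName()
                        + "' holds " + value.getClass().getName()
                        + ", expected " + field.getType().getName());
            }
        }
    }

    // Round trip of a well-formed instance. A stream whose "label" slot carries
    // a non-String object is rejected by checkObjectFieldTypes before assignment.
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(new TypedPoint(3, 4, "origin"));
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()))) {
            TypedPoint p = (TypedPoint) in.readObject();
            System.out.println(p.x() + "," + p.y() + " " + p.label());
        }
    }
}
```

The check runs after readFields() has already deserialized the field values, so it prevents a wrongly typed object from reaching the class's fields but does not stop that object from being constructed by the stream; that is why the thread discusses moving such validation into the serialization machinery itself rather than leaving it to every readObject.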
