Explicit Serialization API and Security
Peter Levart
peter.levart at gmail.com
Wed Jan 14 20:56:24 UTC 2015
On 01/14/2015 12:37 PM, Chris Hegarty wrote:
>> What do you think?
>
> I agree completely.
>
> An API at the level that you are proposing will provide the necessary
> functionality and flexibility that is required to do validation in
> readObject. As you clearly stated, and is already the case, validation
> in this way can depend on supertype state.
>
> Failure automicity of the whole type hierarchy is the only thing that
> is missing, but I think that could possibly be built on top, or solved
> in a different way. I don't see that as being a blocker for moving
> this forward. This proposal stands on its own merits.
>
> Peter,
> Is this something that you want to actively flesh out? If not, I can
> try to help move this forward.
Hi Chris,
I can prepare a prototype, yes. Just give me a couple of days.
Regards, Peter
>
> -Chris.
More information about the core-libs-dev
mailing list