Explicit Serialization API and Security
Peter Firmstone
peter.firmstone at zeus.net.au
Thu Jan 29 12:20:17 UTC 2015
I decided to sample cpu load (see attached), with debugging enabled for
the validating ObjectInputStream and JERI, so heaps of output to the
console.
There are no performance optimisations with stream validation, I've just
focused on correctness and security.
Thank you HotSpot developers, nice job :)
To give you some background in the tests, there's a heap of dynamic
class loading going on with codebase downloads, Remote Invocations etc.
I'll profile it on Sparc T2+ in the near future with Oracle express.
Sure miss the sparc gear, OBP and when Solaris was open for a brief
snapshot in time, can only use it for dev testing now, can't afford to
use it for production.
Cheers,
Peter.
More information about the core-libs-dev
mailing list