Lambdas and serialization
Rémi Forax
forax at univ-mlv.fr
Tue Oct 19 11:19:04 PDT 2010
Le 19/10/2010 17:41, Maurizio Cimadamore a écrit :
[...]
>> Lambda are not serializable, like java.lang.reflect.Method
>> because it will create tons of security holes.
> You mean method handles are not serializable? What are the security
> holes deriving from serializable lambda (assuming latest Brian's
> document) ?
If you can serialize a lambda, you are able to forge a binary blob which
once decoded by the serialization
is a reference any private method.
>
> Maurizio
Rémi
More information about the lambda-dev
mailing list