about object serialization and deserialization

stephane ducasse
Mon, Aug 15, 2022 6:25 PM

Hi guys

It is interesting to think about the design and use of object deserializers.

https://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization

Sven Van Caekenberghe
Tue, Aug 16, 2022 10:10 AM

Hi Stef,

> On 15 Aug 2022, at 20:25, stephane ducasse <stephane.ducasse@inria.fr> wrote:
>
> Hi guys
>
> It is interesting to think about the design and use of object deserializers.
>
> https://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization
>
> <2204.09388.pdf>

Interesting, and indeed, a big problem (especially denial of service attacks).

Step one is to be conscious of the problem (which exists across all languages/formats).

Step two could be to add some sanity checks (limits) to parsers.

Would be a nice subject for a (student) project.

Sven
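Sven's "step two" (sanity limits inside the parser), shown as an added example that is not code from this thread or from any Pharo/Smalltalk project: a small recursive-descent parser for a JSON subset that checks nesting depth, total value count and string length before it recurses or allocates, so a hostile document is rejected with a bounded amount of work. The JSON subset (arrays, escape-free strings, integers) and the limit values are assumptions chosen for illustration.

```python
import re

class LimitExceeded(ValueError):
    """The input asks for more nesting, values or bytes than the limits allow."""

_INT, _WS = re.compile(r"-?\d+"), re.compile(r"[ \t\r\n]*")

def parse_limited(text, max_depth=32, max_nodes=10_000, max_string=4096):
    """Parse a JSON subset (arrays, escape-free strings, integers) under limits.
    Each limit is checked before recursing or allocating, so 100k nested '['
    fail after max_depth steps instead of overflowing the stack. Limit values
    are assumptions, not taken from the thread."""
    pos, nodes = 0, 0
    def value(depth):
        nonlocal pos, nodes
        pos = _WS.match(text, pos).end()        # skip whitespace
        nodes += 1                              # every value costs one unit of budget
        if nodes > max_nodes:
            raise LimitExceeded("more than %d values" % max_nodes)
        ch = text[pos:pos + 1]                  # "" at end of input
        if ch == "[":                           # charge depth *before* recursing
            if depth >= max_depth:
                raise LimitExceeded("nesting deeper than %d" % max_depth)
            pos, items = pos + 1, []
            pos = _WS.match(text, pos).end()
            while not text.startswith("]", pos):
                if items:                       # items after the first need a comma
                    if not text.startswith(",", pos):
                        raise ValueError("expected ',' or ']' at offset %d" % pos)
                    pos += 1
                items.append(value(depth + 1))
                pos = _WS.match(text, pos).end()
            pos += 1
            return items
        if ch == '"':                           # check length before copying the text
            end = text.find('"', pos + 1)
            if end == -1:
                raise ValueError("unterminated string at offset %d" % pos)
            if end - pos - 1 > max_string:
                raise LimitExceeded("string longer than %d chars" % max_string)
            start, pos = pos + 1, end + 1
            return text[start:end]
        m = _INT.match(text, pos)
        if not m:
            raise ValueError("unexpected %r at offset %d" % (ch or "end of input", pos))
        pos = m.end()
        return int(m.group())

    return value(0)
```

Because LimitExceeded is a distinct subclass, a caller can log budget rejections separately from ordinary syntax errors, which is useful when tuning the limits against real traffic.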

Cédrick Béler
Sun, Aug 21, 2022 8:02 AM

Maybe a bit off topic, I found Preserves from Tony Garnock-Jones who btw managed to run Squeak on a smartphone ;)

  • Preserves is a new data model and serialization format in many ways comparable to JSON, XML, S-expressions, CBOR, ASN.1 BER, and so on.
    https://preserves.dev/

https://git.syndicate-lang.org/tonyg/squeak-phone

https://eighty-twenty.org/tag/squeak-phone/

Happy ESUG for those in Novi Sad,
Cedrick

> On 16 Aug 2022, at 12:11, Sven Van Caekenberghe <sven@stfx.eu> wrote:
>
> Hi Stef,
>
>> On 15 Aug 2022, at 20:25, stephane ducasse <stephane.ducasse@inria.fr> wrote:
>>
>> Hi guys
>>
>> It is interesting to think about the design and use of object deserializers.
>>
>> https://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization
>>
>> <2204.09388.pdf>
>
> Interesting, and indeed, a big problem (especially denial of service attacks).
>
> Step one is to be conscious of the problem (which exists across all languages/formats).
>
> Step two could be to add some sanity checks (limits) to parsers.
>
> Would be a nice subject for a (student) project.
>
> Sven
