Hi guys
It is interesting to think about the design and use of object deserializers.
Hi Stef,
On 15 Aug 2022, at 20:25, stephane ducasse stephane.ducasse@inria.fr wrote:
Hi guys
It is interesting to think about the design and use of object deserializers.
<2204.09388.pdf>
Interesting, and indeed, a big problem (especially denial of service attacks).
Step one is to be conscious of the problem (which exists across all language/formats).
Step two could be to add some sanity checks (limits) to parsers.
Would be a nice subject for a (student) project.
Sven
Maybe a bit off topic, I found preserves from Tony Garnock-Jones who btw managed to run squeak on smartphone ;)
https://git.syndicate-lang.org/tonyg/squeak-phone
https://eighty-twenty.org/tag/squeak-phone/
Happy ESUG for those in Navi Sad,
Cedrick
Le 16 août 2022 à 12:11, Sven Van Caekenberghe sven@stfx.eu a écrit :
Hi Stef,
On 15 Aug 2022, at 20:25, stephane ducasse stephane.ducasse@inria.fr wrote:
Hi guys
It is interesting to think about the design and use of object deserializers.
<2204.09388.pdf>
Interesting, and indeed, a big problem (especially denial of service attacks).
Step one is to be conscious of the problem (which exists across all language/formats).
Step two could be to add some sanity checks (limits) to parsers.
Would be a nice subject for a (student) project.
Sven