pjfanning opened a new issue, #2383: URL: https://github.com/apache/fory/issues/2383
### Feature Request We definitely want Fory to be relatively secure by default. Of course, deserializing is always a minefield in Java and the disallow list in Fory may not have everything in it. Users sending Fory formatted class instances over the wire should use secure networks. If you have a secure network, users might want to enable unsafe mode and accept the risks. If malicious users can't send messages to your application then this might be acceptable. When deserializing, checking the classes against the disallow list (for instance) does take a certain amount of time. If this feature was added, we could add warnings in the docs to discourage its users unless the users understand what they are doing. ### Is your feature request related to a problem? Please describe _No response_ ### Describe the solution you'd like _No response_ ### Describe alternatives you've considered _No response_ ### Additional context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
