chaokunyang commented on code in PR #173: URL: https://github.com/apache/fury-site/pull/173#discussion_r1732139015
########## docs/guide/java_serialization_guide.md: ########## @@ -259,12 +254,11 @@ Fury fury=getFury(); ### Security & Class Registration -`FuryBuilder#requireClassRegistration` can be used to disable class registration, this will allow to deserialize objects unknown types, more flexible but **may be insecure if the classes contains malicious code**. +`FuryBuilder#requireClassRegistration` can be used to disable class registration, this will allow to deserialize objects unknown types, more flexible but ****if the class contains malicious code, a security breach can occur**.**. -**Do not disable class registration unless you can ensure your environment is secure**. +**Do not disable class registration checking unless you can ensure the security of your runtime environment and external interactions**. -Malicious code in `init/equals/hashCode` can be executed when deserializing unknown/untrusted types when this option -disabled. +Malicious code in `init/equals/hashCode` can be executed when deserializing unknown/untrusted types when this option disabled. Review Comment: ```suggestion Malicious code in `init/equals/hashCode` can be executed when deserializing unknown/untrusted types when this option is disabled. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
