[ https://issues.apache.org/jira/browse/PIRK-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15556205#comment-15556205 ]
ASF GitHub Bot commented on PIRK-45: ------------------------------------ Github user smarthi commented on a diff in the pull request: https://github.com/apache/incubator-pirk/pull/107#discussion_r82467151 --- Diff: src/main/java/org/apache/pirk/query/wideskies/QueryDeserializer.java --- @@ -0,0 +1,265 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.pirk.query.wideskies; + +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.google.gson.*; +import com.google.gson.reflect.TypeToken; +import org.apache.pirk.schema.query.QuerySchema; +import org.apache.pirk.schema.query.filter.DataFilter; +import org.apache.pirk.schema.query.filter.FilterFactory; +import org.apache.pirk.utils.PIRException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.lang.reflect.Type; +import java.math.BigInteger; +import java.util.*; --- End diff -- avoid using import * > Remove dependency on Java serialization > --------------------------------------- > > Key: PIRK-45 > URL: https://issues.apache.org/jira/browse/PIRK-45 > Project: PIRK > Issue Type: Improvement > Reporter: Tim Ellison > Assignee: Walter Ray-Dulany > > Pirk should not depend upon Java serialization as a persistent object format. > Maintaining support for a variety of versions of Java serialized form can be > difficult, this includes both the querier and responder sides of a PIR. > Alternative formats such as XML and JSON are more forgiving/extensible. > Furthermore, and despite Pirk's trust between querier and responder, there > are potential implications for loading the binary representation of Java's > serialized instances as a vector for security vulnerabilities. -- This message was sent by Atlassian JIRA (v6.3.4#6332)