[
https://issues.apache.org/jira/browse/PIRK-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15556202#comment-15556202
]
ASF GitHub Bot commented on PIRK-45:
------------------------------------
Github user smarthi commented on a diff in the pull request:
https://github.com/apache/incubator-pirk/pull/107#discussion_r82467067
--- Diff: src/main/java/org/apache/pirk/querier/wideskies/QuerierDeserializer.java ---
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pirk.querier.wideskies;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import com.google.gson.*;
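Review bot: the wildcard `import com.google.gson.*;` on the last visible line of this hunk sits next to an explicit `import com.fasterxml.jackson.core.JsonParser;`, and Gson ships its own `com.google.gson.JsonParser`, so the two imports overlap; Java resolves the single-type import first and the class compiles, but a reader cannot tell from the import block which parser is in use. Replace the wildcard with the specific Gson types the deserializer actually needs, or, since the class already extends Jackson's `StdDeserializer`, consider using only one JSON library in this file.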
--- End diff --
Please avoid using import *.
> Remove dependency on Java serialization
> ---------------------------------------
>
> Key: PIRK-45
> URL: https://issues.apache.org/jira/browse/PIRK-45
> Project: PIRK
> Issue Type: Improvement
> Reporter: Tim Ellison
> Assignee: Walter Ray-Dulany
>
> Pirk should not depend upon Java serialization as a persistent object format.
> Maintaining support for a variety of versions of Java serialized form can be
> difficult; this includes both the querier and responder sides of a PIR.
> Alternative formats such as XML and JSON are more forgiving/extensible.
> Furthermore, and despite Pirk's trust between querier and responder, there
> are potential implications for loading the binary representation of Java's
> serialized instances as a vector for security vulnerabilities.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)