[ https://issues.apache.org/jira/browse/PIRK-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15558293#comment-15558293 ]
ASF GitHub Bot commented on PIRK-45: ------------------------------------ Github user ellisonanne commented on a diff in the pull request: https://github.com/apache/incubator-pirk/pull/107#discussion_r82505750 --- Diff: src/main/java/org/apache/pirk/querier/wideskies/QuerierDeserializer.java --- @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.pirk.querier.wideskies; + +import com.fasterxml.jackson.databind.JsonNode; + +import com.google.gson.Gson; +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParseException; +import com.google.gson.reflect.TypeToken; +import org.apache.pirk.encryption.Paillier; +import org.apache.pirk.query.wideskies.Query; + + +import java.lang.reflect.Type; +import java.math.BigInteger; +import java.util.List; +import java.util.Map; + +/** + * Custom deserializer for Querier class for Jackson. --- End diff -- Need to remove Jackson reference since using GSON > Remove dependency on Java serialization > --------------------------------------- > > Key: PIRK-45 > URL: https://issues.apache.org/jira/browse/PIRK-45 > Project: PIRK > Issue Type: Improvement > Reporter: Tim Ellison > Assignee: Walter Ray-Dulany > > Pirk should not depend upon Java serialization as a persistent object format. > Maintaining support for a variety of versions of Java serialized form can be > difficult, this includes both the querier and responder sides of a PIR. > Alternative formats such as XML and JSON are more forgiving/extensible. > Furthermore, and despite Pirk's trust between querier and responder, there > are potential implications for loading the binary representation of Java's > serialized instances as a vector for security vulnerabilities. -- This message was sent by Atlassian JIRA (v6.3.4#6332)