[
https://issues.apache.org/jira/browse/HTTPCORE-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17003876#comment-17003876
]
Scott W Gifford commented on HTTPCORE-615:
------------------------------------------
Hey Apache folks,
Any thoughts on this, and whether it's a contribution the project would be
interested in accepting?
Thanks!
-----Scott.
> Implement new cache serializer that is not based on Java Object Serialization
> -----------------------------------------------------------------------------
>
> Key: HTTPCORE-615
> URL: https://issues.apache.org/jira/browse/HTTPCORE-615
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Reporter: Scott W Gifford
> Priority: Major
>
> HTTPCORE-578 was caused by the brittleness of using Java Object Serialization
> to store cache objects. Java Object Serialization requires careful
> understanding of what sorts of changes require a new serialization version,
> with small mistakes leading to surprising results; further Java Object
> Serialization has security issues, and will be an optional feature in
> upcoming Java releases (with Jigsaw). It would be better to have a more
> stable serialization approach.
> Since the Apache client already knows how to communicate with HTTP, one
> simple approach would be to serialize as if we were writing to an HTTP
> client, and deserialize as if we were reading from an HTTP server.
> I have developed a serializer that does that, and would like to contribute it
> back to the Apache project.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
