[jira] [Commented] (HTTPCORE-615) Implement more robust cache serializer with an HTTP-like storage format (replacing existing one based on Java Object Serialization)

Sun, 29 Dec 2019 01:01:20 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCORE-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17004720#comment-17004720
 ] 

Scott W Gifford commented on HTTPCORE-615:
------------------------------------------

Thanks for the helpful feedback guys!

I have done as you requested, in:

[https://github.com/apache/httpcomponents-client/pull/191]
 * Forward-port to 5.0
 * Use Java 7 features to simplify code
 * Remove benchmark program
 * Annotate as experimental

Additionally, API changes in 5.0, improvements in Java 7, and perhaps a chance 
to go through the code again have helped me to simplify it, the tests in 
particular.  I think you'll find the current version much easier to review.

The git history for the pull request is very cluttered, but helpful to me for 
now.  When we get this into a state you guys are ready to accept, I'll rebase 
against master and squash it into a handful of logical commits.

Thanks!

-----Scott.

> Implement more robust cache serializer with an HTTP-like storage format 
> (replacing existing one based on Java Object Serialization)
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCORE-615
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-615
>             Project: HttpComponents HttpCore
>          Issue Type: New Feature
>            Reporter: Scott W Gifford
>            Priority: Major
>
> HTTPCORE-578 was caused by the brittleness of using Java Object Serialization 
> to store cache objects.  Java Object Serialization requires careful 
> understanding of what sorts of changes require a new serialization version, 
> with small mistakes leading to surprising results; further Java Object 
> Serialization has security issues, and will be an optional feature in 
> upcoming Java releases (with Jigsaw).  It would be better to have a more 
> stable serialization approach.
> Since the Apache client already knows how to communicate with HTTP, one 
> simple approach would be to serialize as if we were writing to an HTTP 
> client, and deserialize as if we were reading from an HTTP server.
> I have developed a serializer that does that, and would like to contribute it 
> back to the Apache project.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to