I can't make any guarantee that it is secure, but the more people review it, the more likelihood bugs and flaws will be identified.
I'm especially interested in security researchers checking it out if they're interested. Cheers, Peter. Sent from my Samsung device. Include original message ---- Original message ---- From: Michał Kłeczek <mic...@kleczek.org> Sent: 15/02/2017 08:04:39 pm To: dev@river.apache.org Subject: Re: deserialization remote invocation strategy > The code actually does what I've described above, but don't take my word for >it, check it for youself. :) > > If you disagree, don't use it. It works the other way around - before I decide to use it - I have to understand how it works. Even more so if we are talking about security. That is why I consider scrutiny and questioning a Good Thing in this context. "Check for yourself" is not an encouraging advice in the area of security :) Cheers, Michal
