Thanks Pat, I'd appreciate that. I've documentation, but there's no single document at present. Do you think a draft revision of the Jini specifications documenting the additions would be sufficient?
Regards, Peter. Sent from my Samsung device. Include original message ---- Original message ---- From: Patricia Shanahan <p...@acm.org> Sent: 15/02/2017 09:18:46 pm To: dev@river.apache.org Subject: Re: deserialization remote invocation strategy I still have some contacts into the UCSD computer science department from when I was doing my PhD. If we had a stated security model, it might be worth asking whether any students are interested in reviewing it. On 2/15/2017 3:07 AM, Michał Kłeczek wrote: > Reviewing just the source code without any high level overview and > explanation how and why it is implemented in a particular way > is difficult (if possible at all). > > That is why it would be really helpful if the questions asked were > answered. > > Not only researchers are interested - also potential users and > contributors. > > Thanks, > Michal > > Peter wrote: >> I can't make any guarantee that it is secure, but the more people >> review it, the more likelihood bugs and flaws will be identified. >> >> I'm especially interested in security researchers checking it out if >> they're interested. >> >> Cheers, >> >> Peter. >> >> Sent from my Samsung device. >> Include original message >> ---- Original message ---- >> From: Michał Kłeczek<mic...@kleczek.org> >> Sent: 15/02/2017 08:04:39 pm >> To: dev@river.apache.org >> Subject: Re: deserialization remote invocation strategy >> >> >>> The code actually does what I've described above, but don't take my >>> word for it, check it for youself. :) >>> >>> If you disagree, don't use it. >> It works the other way around - before I decide to use it - I have to >> understand how it works. >> Even more so if we are talking about security. >> >> That is why I consider scrutiny and questioning a Good Thing in this >> context. >> >> "Check for yourself" is not an encouraging advice in the area of >> security :) >> >> Cheers, >> Michal >> >> >> > >
