[
https://issues.apache.org/jira/browse/IGNITE-12962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17101534#comment-17101534
]
Pavel Pereslegin edited comment on IGNITE-12962 at 5/7/20, 10:32 AM:
---------------------------------------------------------------------
[~alex_pl], could you review the proposed changes?
was (Author: xtern):
[~alex_pl], review the proposed changes, please.
> Blacklist and whitelist of classes allowed to deserialize via HTTP-REST
> should be supported
> -------------------------------------------------------------------------------------------
>
> Key: IGNITE-12962
> URL: https://issues.apache.org/jira/browse/IGNITE-12962
> Project: Ignite
> Issue Type: Improvement
> Components: rest
> Reporter: Aleksey Plekhanov
> Assignee: Pavel Pereslegin
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Since we have the ability to deserialize custom objects (implemented by
> IGNITE-12857) we should have the ability to limit the scope of classes
> allowed to safe deserialization.
> There are already two system properties used for such purpose in Ignite:
> {code:java}
> /** Defines path to the file that contains list of classes allowed to safe
> deserialization.*/
> public static final String IGNITE_MARSHALLER_WHITELIST =
> "IGNITE_MARSHALLER_WHITELIST";
> /** Defines path to the file that contains list of classes disallowed to safe
> deserialization.*/
> public static final String IGNITE_MARSHALLER_BLACKLIST =
> "IGNITE_MARSHALLER_BLACKLIST";{code}
> HTTP-REST should support these properties too.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
