Hi Stef,

> On 15 Aug 2022, at 20:25, stephane ducasse <[email protected]> wrote:
>
> Hi guys
>
> It is interesting to think about the design and use of object deserializers.
>
> https://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization
>
> <2204.09388.pdf>

Interesting, and indeed, a big problem (especially denial-of-service attacks).

Step one is to be conscious of the problem (which exists across all languages/formats). Step two could be to add some sanity checks (limits) to parsers. Would be a nice subject for a (student) project.

Sven
