I've been searching for information about protocol buffers and security or hardening and cannot seem to find anything. Assuming I have an appropriate container protocol and have what purports to be a protocol buffer structure, can I safely decode it? Has the protocol been designed to withstand maliciously-constructed data and does the implementation protect against that? I cannot find any documentation suggesting that protocol buffers are safe to use between applications that do not trust each other. Is the protocol buffers implementation safe from things like buffer overflow and memory exhaustion attacks? (The encapsulation protocol protects against overly-long objects, but that's about all it can do.)
JK -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To view this discussion on the web visit https://groups.google.com/d/msg/protobuf/-/0akRpO15zWsJ. To post to this group, send email to firstname.lastname@example.org. To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/protobuf?hl=en.