I've been searching for information about protocol buffers and security or 
hardening and cannot seem to find anything. Assuming I have an appropriate 
container protocol and have what purports to be a protocol buffer 
structure, can I safely decode it? Has the protocol been designed to 
withstand maliciously-constructed data and does the implementation protect 
against that? I cannot find any documentation suggesting that protocol 
buffers are safe to use between applications that do not trust each other. 
Is the protocol buffers implementation safe from things like buffer 
overflow and memory exhaustion attacks? (The encapsulation protocol 
protects against overly-long objects, but that's about all it can do.)


You received this message because you are subscribed to the Google Groups 
"Protocol Buffers" group.
To view this discussion on the web visit 
To post to this group, send email to protobuf@googlegroups.com.
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to