Some further context: An alternative to the use of Any would be Oneof. This would increase type safety, but would require the request object to maintain knowledge of all permitted types. Since requests will be used by multiple clients and multiple (related but different) servers, the request object could end up as a bloated multi-tenant maintenance problem. The goal of the Any would be to reduce these complexities.
On Wednesday, May 20, 2020 at 10:13:35 AM UTC-7, Peter JL wrote: > > Hello, group - > > I'm considering using an Any field in a service-to-service request object. > This would allow clients to send arbitrary data to the server, which would > dispatch requests to the appropriate event handler based on the Any's type > information (achieving a kind of polymorphic dispatch). The server would > log a warning and drop requests with unrecognized types. This approach > would loosen coupling between system components, reduce the number of > cross-component dependencies, and streamline the process adding/removing > new handlers. > > My central question is: Are there security risks (or other significant) > problems with this approach? > > Thanks in advance! > > Peter > -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/883bda1e-41ed-4694-bb88-5d9e5b0f1c83%40googlegroups.com.
