On 10/09/2010 11:09 AM, Michal Kleczek wrote:
Folks,The discussion about trust and solving deserialization DoS issues brought me to the idea of annotating classes with Modules. On the other hand Peter is working on ClassLoader / class identity issues. I tried to think about it and came up with an idea that a Module can express that it depends on other Modules so that if there is a dependency that is shared between two modules classes loaded from this dependency preserve their ClassLoader: interface Module { Module[] getDependencies(); //... class loading methods }
And downloading a jar? A jar has everything already. Dependencies, codesigning. Extendable manifest, etc.
Gr. Sim
