On 10/12/2010 01:11 PM, Michal Kleczek wrote:
On Tuesday 12 of October 2010 13:08:19 Sim IJskes - QCG wrote:
On 10/12/2010 12:33 PM, Michal Kleczek wrote:
Hmm... I think I would argue that annotation should have the codebase
embedded and only issue a remote call to verify this codebase - not to
retrieve it.
How about we get rid of Module interface and require annotation to be
RmiModule (which is final)?
By re/encoding it as a String. So we can harden the MarshallInputStream
to only accept UTF-8 String with limited length.
Would that be enough just not to allow recursive readAnnotation() ?
That way our stream would be more compact...
It is my perception that you can feed the deserializer anything you
want, recursive or not, as long as you limit yourself to the jre
classes. The 'check' (at this moment) happens at the cast to String.
And by building a babushka in the stream, cause a stackoverflow or
heapoverflow (dependend on the implementation) in this way.
I dont see an easy way to implement a loadOnlyThisClass(Class cls)
member function. And changing all the methods where codebase is coded as
a String, is also not my favorite.
My proposal:
Code 'codebase annotation' as a String. Add a verifier that loads the
code and checks signing, and allow actual class instantiation to reuse
the bytes that have already been downloaded by the verifier.
Gr. Sim
