On 10/12/2010 02:12 PM, Michal Kleczek wrote:
On Tuesday 12 of October 2010 14:00:14 Sim IJskes - QCG wrote:

It doesn't happen with readUTF(). The first bytes read are the stream
header, (0xac, 0xed, 0, 5), and then the length, then the bytes
composing the string. No parsing of TC constants, and no optional code
paths that can lead to out-of-anything DoS attacks. Send it with
writeUTF, read it with a custom function limiting the length of the
string and voila we have at least made it 1 step more difficult to DoS.


I understand your arguments but I am still not convinced - you somehow have to
send a ProxyTrust instance (or any remote object reference) so that you can
verify codebase using it.

No you don't. You can delegate it to the IntegrityVerifier. This is the place where you should check the integrity. You will have enough information there (coded in the codebase parameter), to load the code, check endpoints (dns name, ip address, TLS) if wanted, check signatures, certificates, checksums.

Gr. Sim
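
The length-limited read suggested in the quoted text, sketched as an added example that is not part of the original thread or of the project's code. It assumes plain `DataOutputStream`/`DataInputStream` framing (so the object stream header mentioned above is not present); `BoundedUtf`, `readBoundedUTF`, the limits and the sample string are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedUtf {
    /** Hypothetical helper: read one writeUTF() string, refusing declared lengths above maxBytes. */
    static String readBoundedUTF(InputStream raw, int maxBytes) throws IOException {
        DataInputStream in = new DataInputStream(raw);
        int declared = in.readUnsignedShort();   // 2-byte length prefix written by writeUTF
        if (declared > maxBytes) {
            // Reject before allocating or reading anything the sender controls.
            throw new IOException("declared length " + declared + " exceeds limit " + maxBytes);
        }
        byte[] frame = new byte[2 + declared];
        frame[0] = (byte) (declared >>> 8);      // rebuild the prefix so readUTF can decode the frame
        frame[1] = (byte) declared;
        in.readFully(frame, 2, declared);        // EOFException if fewer bytes arrive than declared
        // Decode modified UTF-8 from the bounded buffer only, never from the live stream.
        return new DataInputStream(new ByteArrayInputStream(frame)).readUTF();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a codebase-style string sent with writeUTF.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        new DataOutputStream(buf).writeUTF("http://example.invalid/service-dl.jar");
        byte[] wire = buf.toByteArray();

        // Within the limit: the string is returned unchanged.
        System.out.println(readBoundedUTF(new ByteArrayInputStream(wire), 256));

        // Above the limit: rejected after reading only the two length bytes.
        try {
            readBoundedUTF(new ByteArrayInputStream(wire), 16);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```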




