|
|
|
|
|
|
by sigstoat
1064 days ago
|
|
|
> > I don't see how you can get away from having a defined serialisation format. > Yep, that's exactly it. Your TLS certificate is not sent as string, and neither are your TCP packets, nor the images contained in them. ...all of those things mentioned have defined serialization. i expect all of them have had security issues because of problems with deserialization code. |
|
|
What is your point? That strings don't need defined formats? That they have less security issues?