by signa11
1034 days ago
> I am not sure what can the serialization framework possibly _do_ to make things secure during the serialization

>> Loads of things!

>> A strict specification that can only be interpreted one way goes very far. E.g.: a machine-readable BNF grammar file or something similar with no ambiguities.

once again, that is not the domain of the serialization framework! it is a policy which needs to be established and enforced at input / output layer by the entity which implements it. a serialization framework should just serialize and deserialize objects to / from an i/o 'channel' f.e. file, network, etc. shackling it with specification / enforcement of security etc. policies seems conflating one concern with another.