commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Gregory (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IO-487) SafeObjectInputStream contribution - restrict which classes can be deserialized
Date Fri, 13 Nov 2015 19:42:10 GMT

    [ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15004583#comment-15004583
] 

Gary Gregory commented on IO-487:
---------------------------------

Ah, OK, thank you for the update. Since are still kibitzing, then I'd like to open the class
name up for debate. To me "SafeObjectInputStream" leads me to ask "safe from what?" and "How
safe is it really?" Perhaps a name focused on the "doing" rather than the "intent" would be
better. Maybe "AcceptorObjectInputStream", "CheckedObjectInputStream", "CheckingObjectInputStream",
"ValidatingObjectInputStream". None of these are great but so far I like "ValidatingObjectInputStream".

> SafeObjectInputStream contribution - restrict which classes can be deserialized
> -------------------------------------------------------------------------------
>
>                 Key: IO-487
>                 URL: https://issues.apache.org/jira/browse/IO-487
>             Project: Commons IO
>          Issue Type: Improvement
>          Components: Utilities
>    Affects Versions: 2.4
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>              Labels: patch
>             Fix For: 2.5
>
>         Attachments: IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch
>
>
> As discussed on the commons dev list I'd like to contribute my SLING-5288 code to commons-io.
I'll attach a patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message