mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sven Panko <Sven.Pa...@proximity.de>
Subject Re: [1.0] Three questions concerning object serialization and MINA
Date Thu, 07 Dec 2006 08:56:54 GMT
Hi Trustin,

> [...]
> We overrided read/writeClassDescriptor() of ObjectInput/OutputStream to 
> the bandwidth.  When a Java object is serialized, the descriptor of the
> object's class is serialized together.  The descriptor contains a lot of
> meta-information related with the class and it's huge comparing to the
> actual data we want to exchange because it contains long strings such as
> type name and field name.  It's sometimes ten times bigger, and then we 
> wasting 90% of bandwidth.  That's why we chose to override
> read/writeClassDescriptor() method.
> Calling getObject() with explicit class loader specified might help you:
> MyMessageToReceive m = buffer.getObject(
> MyMessageToReceive.class.getClassLoader());
> Please let me know if this works for you.  Otherwise, we need to find a
> better solution.

I'll try this solution on the client side by providing a special class 
loader - maybe it works. If it does, I'll post my findings so that others 
may use object serialization with Eclipse RCP as well.

> > My last question concerns the different default max object sizes in 
> > en- and decoder implementations - is there a reason why the encoder 
> > encode objects up to Integer.MAX_VALUE, but the decoder refuses 
> > above 1MB? Are you aware of some known issues concerning memory
> > consumption if I set the max object size of the decoder to
> > Integer.MAX_VALUE as well?
> I thought decoder should be more restrictive in receiving a big object
> because of the rick of DoS attack.  That's all.  If there's consensus on
> changing the default value, we can change it, too.  :)

Ok, just what I thought. The default value is fine - I think a short note 
in the JavaDoc stating that the max object size in decoder is set to a 
lower value because of possible DoS attacks would be nice. The reason that 
this doesn't affect me directly at the object serialization level is 
because of the fact I use SSL with client certs and the SSL filter 
prevents connections with invalid certs prior of a possible DoS attack (or 
am I mistaken?).

Thanks for all your help!



Information contained in this message is confidential and may be legally privileged. If you
are not the addressee indicated in this message (or responsible for the delivery of the message
to such person), you may not copy, disclose or deliver this message or any part of it to anyone,
in any form. In such case, you should delete this message and kindly notify the sender by
reply Email. Opinions, conclusions and other information in this message that do not relate
to the official business of Proximity shall be understood as neither given nor endorsed by
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message