[ https://issues.apache.org/jira/browse/HTTPCORE-615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott W Gifford updated HTTPCORE-615:
-------------------------------------
    Description: 
HTTPCORE-578 was caused by the brittleness of using Java Object Serialization 
to store cache objects.  Java Object Serialization requires careful 
understanding of what sorts of changes require a new serialization version, 
with small mistakes leading to surprising results; further, Java Object 
Serialization has security issues, and will be an optional feature in upcoming 
Java releases (with Jigsaw).  It would be better to have a more stable 
serialization approach.

Since the Apache client already knows how to communicate with HTTP, one simple 
approach would be to serialize as if we were writing to an HTTP client, and 
deserialize as if we were reading from an HTTP server.

I have developed a serializer that does that, and would like to contribute it 
back to the Apache project.

> Implement new cache serializer that is not based on Java Object Serialization
> -----------------------------------------------------------------------------
>
>                 Key: HTTPCORE-615
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-615
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>            Reporter: Scott W Gifford
>            Priority: Major



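The approach described in the issue, as an added example (not the serializer contributed in HTTPCORE-615, and not HttpComponents code): a cache entry is written as an HTTP/1.1 response and read back with a plain text parser, so no `ObjectInputStream` is involved and stored data can never name a class to instantiate. The class name, the `Entry` record and the `MAX_BODY` cap are assumptions; it needs Java 16 or later.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Hypothetical class for illustration; uses only the JDK, no HttpComponents API.
public class HttpFormatCacheSerializer {
    record Entry(int status, String reason, Map<String, String> headers, byte[] body) {}
    static final int MAX_BODY = 10 * 1024 * 1024; // assumed cap on a stored body

    static byte[] serialize(int status, String reason, Map<String, String> headers, byte[] body) {
        StringBuilder head = new StringBuilder("HTTP/1.1 " + status + " " + reason + "\r\n");
        for (Map.Entry<String, String> h : headers.entrySet())
            if (!"Content-Length".equalsIgnoreCase(h.getKey())) // the stored length is written below
                head.append(h.getKey()).append(": ").append(h.getValue()).append("\r\n");
        head.append("Content-Length: ").append(body.length).append("\r\n\r\n");
        byte[] hb = head.toString().getBytes(StandardCharsets.ISO_8859_1);
        return java.nio.ByteBuffer.allocate(hb.length + body.length).put(hb).put(body).array();
    }

    static Entry deserialize(byte[] data) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
        String[] status = readLine(in).split(" ", 3);
        if (status.length != 3 || !status[0].equals("HTTP/1.1")) throw new IOException("bad status line");
        Map<String, String> headers = new LinkedHashMap<>();
        for (String line; !(line = readLine(in)).isEmpty(); ) {
            int colon = line.indexOf(':');
            if (colon <= 0) throw new IOException("bad header line");
            headers.put(line.substring(0, colon), line.substring(colon + 1).trim());
        }
        int len = Integer.parseInt(headers.getOrDefault("Content-Length", "-1"));
        if (len < 0 || len > MAX_BODY) throw new IOException("bad body length");
        byte[] body = new byte[len];
        in.readFully(body); // EOFException if the stored entry is truncated
        return new Entry(Integer.parseInt(status[1]), status[2], headers, body);
    }

    static String readLine(InputStream in) throws IOException {
        ByteArrayOutputStream line = new ByteArrayOutputStream();
        for (int b; (b = in.read()) != '\n'; ) {
            if (b < 0) throw new EOFException("truncated entry");
            if (b != '\r') line.write(b);
        }
        return line.toString(StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) throws IOException {
        Entry e = deserialize(serialize(200, "OK", Map.of("ETag", "\"abc\""), "hello".getBytes(StandardCharsets.UTF_8)));
        System.out.println(e.status() + " " + e.headers() + " " + new String(e.body(), StandardCharsets.UTF_8)); // constructed sample entry
    }
}
```

A production serializer would also reject CR or LF inside header names and values before writing them, since either would change how the stored entry parses on the way back.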