On 01/20/2016 01:12 PM, Nikos Mavrogiannopoulos wrote: > If you have complex structures to be transfered you may want to rely on > something automated to serialize/deserialize requests. That will > increase the code, but reduce the complexity. I've used protocol > buffers over unix sockets for that exact reason and I'm pretty happy > with it.
I wouldn't use protocol buffers across a security boundaries. The serializers and serializers have integer overflows, and Google doesn't want to fix them because their use case apparently provides implicit message size constraints which make it impossible to trigger these issues. https://github.com/google/protobuf/issues/760 https://github.com/google/protobuf/issues/761 Florian -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
