Sim IJskes - QCG wrote:
On 10/05/2010 03:45 PM, Michal Kleczek wrote:
What I am trying to get at is - could this be implemented as a service on top
of existing Jini platform?

Do you have a solution for the unmarshalling of untrusted code yet?

Gr. Sim

Have a look in jtsk/skunk/pepe under org.apache.river.imp.security.dos.

I could use a volunteer to write some test cases and do code review. It's very preliminary at this stage; I've uploaded it to get the concept out there.

I need the following Unmarshalling Attack test cases and any others you might think of:

  1. Infinite Loop.
  2. Object Creation explosion, using an Array or List.
  3. Deliberate thread stalling or concurrency issues.


Assume the object byte arrays have been downloaded directly over a secure socket with privacy intact.

Regards,

Peter.
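
Added example, not part of the original message and not the code in org.apache.river.imp.security.dos: a small Java harness (Java 9 or later assumed, for `ObjectInputFilter`) that runs the kind of test cases listed above against a guarded unmarshal, with stream limits for the array case and a deadline on a daemon thread for the loop and stall cases. The class names, limit values and the `Staller` fixture are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.util.concurrent.*;

public class UnmarshalGuardDemo {
    // Constructed fixture for the loop/stall cases. It spins until interrupted so the
    // demo terminates; a hostile loop would ignore interrupts, hence the daemon worker.
    static class Staller implements Serializable {
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            while (!Thread.currentThread().isInterrupted()) { Thread.onSpinWait(); }
        }
    }

    static byte[] marshal(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Unmarshal on a daemon worker with stream limits and a deadline.
    static String guardedUnmarshal(byte[] data, long millis) throws InterruptedException {
        ExecutorService ex = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "unmarshal"); t.setDaemon(true); return t; });
        Future<Object> f = ex.submit(() -> {
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
                // Limits are checked before an array is allocated (assumed values).
                in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                        "maxarray=1000;maxdepth=20;maxrefs=10000;maxbytes=1000000"));
                return in.readObject();
            }
        });
        try {
            return "ok: " + f.get(millis, TimeUnit.MILLISECONDS).getClass().getSimpleName();
        } catch (TimeoutException e) {
            f.cancel(true); // interrupt only: bounds the caller's wait, not the CPU used
            return "timeout";
        } catch (ExecutionException e) {
            return "rejected: " + e.getCause().getClass().getSimpleName();
        } finally {
            ex.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(guardedUnmarshal(marshal("hello"), 500));             // ok: String
        System.out.println(guardedUnmarshal(marshal(new long[100_000]), 500));   // rejected
        System.out.println(guardedUnmarshal(marshal(new Staller()), 500));       // timeout
    }
}
```

The deadline only stops the caller from waiting; a thread stuck in a loop that ignores interrupts stays alive until the JVM exits, so a test for case 1 should also assert on what happens to the worker.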
