Hi Yanni,<br><br><div class="gmail_quote">On Wed, May 25, 2011 at 1:10 PM, Yanni Chiu <span dir="ltr"><<a href="mailto:yanni@rogers.com">yanni@rogers.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 25/05/11 11:53 AM, Mariano Martinez Peck wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Sorry Yanni, I didn't follow. Could you please explain a bit more? what<br>
do you want to serialize? do you want to be able to choose some classes<br>
as light and some as non-light? where do you want to materialize ? in<br>
the same image or in another one ? When you said discard....what would<br>
you do with the instances of those non-light classes for example? you<br>
don't materialize them? and what happens to the objects that were<br>
pointing to them ? why would be the scenario useful for ? security ?<br>
</blockquote>
<br></div>
====<br>
Yes, security. Here's my first post again, with different formatting:<br>
<br>
In another use case, I'd like to serialize from one image, and deserialize in another image - *under end user control*. [e.g. web app]<div class="im"><br>
<br>
The issue here is that "nasty" code could be introduced:<br></div><div class="im">
- capture the Fuel output<br>
- deserialize, add nasty code, re-serialize<br>
- then send onward for import to image.<br>
<br>
Would it be possible to have some sort of "virus" filter?<br></div>
====<br>
<br>
So a simple "safe-mode" option on de-serialization would probably be sufficient.</blockquote><div><br>It is a good point.<br><br>For the moment, when you deserialize a full class into the image, their methods are created, and bytecodes are copied from the stream without any validation check. <br>
<br>Anyway, you could deserialize the class, run your own validations, and then install the class (I mean, add the class to Smalltalk globals, do the class initialization, run announcements).<br><br> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div><div class="h5"><br>
<br>
_______________________________________________<br>
seaside mailing list<br>
<a href="mailto:seaside@lists.squeakfoundation.org" target="_blank">seaside@lists.squeakfoundation.org</a><br>
<a href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside" target="_blank">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br>
</div></div></blockquote></div><br>