You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ignite.apache.org by "Aleksey Plekhanov (Jira)" <ji...@apache.org> on 2020/04/28 12:36:00 UTC
[jira] [Created] (IGNITE-12962) Blacklist and whitelist of classes
allowed to deserialize via HTTP-REST should be supported
Aleksey Plekhanov created IGNITE-12962:
------------------------------------------
Summary: Blacklist and whitelist of classes allowed to deserialize via HTTP-REST should be supported
Key: IGNITE-12962
URL: https://issues.apache.org/jira/browse/IGNITE-12962
Project: Ignite
Issue Type: Improvement
Components: rest
Reporter: Aleksey Plekhanov
Since we have the ability to deserialize custom objects (implemented by IGNITE-12857) we should have the ability to limit the scope of classes allowed to safe deserialization.
There are already two system properties used for such purpose in Ignite:
{code:java}
/** Defines path to the file that contains list of classes allowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_WHITELIST = "IGNITE_MARSHALLER_WHITELIST";
/** Defines path to the file that contains list of classes disallowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_BLACKLIST = "IGNITE_MARSHALLER_BLACKLIST";{code}
HTTP-REST should support these properties too.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)