You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ignite.apache.org by "Aleksey Plekhanov (Jira)" <ji...@apache.org> on 2020/04/28 12:36:00 UTC

[jira] [Created] (IGNITE-12962) Blacklist and whitelist of classes allowed to deserialize via HTTP-REST should be supported

Aleksey Plekhanov created IGNITE-12962:
------------------------------------------

             Summary: Blacklist and whitelist of classes allowed to deserialize via HTTP-REST should be supported
                 Key: IGNITE-12962
                 URL: https://issues.apache.org/jira/browse/IGNITE-12962
             Project: Ignite
          Issue Type: Improvement
          Components: rest
            Reporter: Aleksey Plekhanov


Since we have the ability to deserialize custom objects (implemented by IGNITE-12857) we should have the ability to limit the scope of classes allowed to safe deserialization.

There are already two system properties used for such purpose in Ignite:
{code:java}
/** Defines path to the file that contains list of classes allowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_WHITELIST = "IGNITE_MARSHALLER_WHITELIST";

/** Defines path to the file that contains list of classes disallowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_BLACKLIST = "IGNITE_MARSHALLER_BLACKLIST";{code}
HTTP-REST should support these properties too.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)