Posted to issues@beam.apache.org by "Kenneth Knowles (Jira)" <ji...@apache.org> on 2022/01/12 03:50:06 UTC

[jira] [Updated] (BEAM-9570) Update documentation to show how to use SerializableCoder more securely

     [ https://issues.apache.org/jira/browse/BEAM-9570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kenneth Knowles updated BEAM-9570:
----------------------------------

This Jira ticket has a pull request attached to it, but is still open. Did the pull request resolve the issue? If so, could you please mark it resolved? This will help the project have a clear view of its open issues.

> Update documentation to show how to use SerializableCoder more securely
> -----------------------------------------------------------------------
>
>                 Key: BEAM-9570
>                 URL: https://issues.apache.org/jira/browse/BEAM-9570
>             Project: Beam
>          Issue Type: Improvement
>          Components: sdk-java-core
>            Reporter: Colm O hEigeartaigh
>            Priority: P3
>              Labels: Clarified
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> It's possible to make the use of SerializableCoder more secure by enforcing constraints on the deserialization process using jdk.serialFilter. This task is to update the documentation - from the mailing list:
>  
> "With the JvmInitializer[1] being supported by Dataflow and the portable Java container, users would be able to write code which sets the system property jdk.serialFilter or by configuring ObjectInputFilter.Config.setSerialFilter(filter)[2]"
>  
> This could become a documentation change to SerializableCoder.
> 1: [https://github.com/apache/beam/blob/master/sdks/java/core/src/main/java/org/apache/beam/sdk/harness/JvmInitializer.java]
> 2: [https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-952E2328-AB66-4412-8B6B-3BCCB3195C25]
>  
> Ref: https://lists.apache.org/thread.html/rc08d21215ed0f228331dcec88ecd5fe45d452e778fdc20a44c938f8e%40%3Cdev.beam.apache.org%3E



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
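
The approach quoted in the ticket, a JvmInitializer that installs a process-wide deserialization filter, could look like the following; this is an added example, not code from the ticket or from the Beam project. Assumptions: Java 9 or later (java.io.ObjectInputFilter), AutoService on the classpath for ServiceLoader registration, and a hypothetical package, class name and allow-list pattern.

```java
package com.example.pipeline; // hypothetical package, not from the ticket

import com.google.auto.service.AutoService;
import java.io.ObjectInputFilter;
import org.apache.beam.sdk.harness.JvmInitializer;

/** Installs a JVM-wide serialization filter before the worker starts processing. */
@AutoService(JvmInitializer.class) // generates the META-INF/services entry for discovery
public class SerialFilterInitializer implements JvmInitializer {

  // Constructed allow-list (assumption, adjust to your pipeline):
  //   maxdepth=64           bound the nesting depth of a deserialized object graph
  //   com.example.pipeline.**  the pipeline's own element types (hypothetical package)
  //   org.apache.beam.**    Beam's own serialized classes (DoFns, coders, ...)
  //   java.base/*           JDK classes from the java.base module
  //   !*                    reject every class not matched above
  static final String PATTERN =
      "maxdepth=64;com.example.pipeline.**;org.apache.beam.**;java.base/*;!*";

  @Override
  public void onStartup() {
    // A filter supplied by the operator with -Djdk.serialFilter=... is already
    // installed at this point. Keep it: calling setSerialFilter a second time
    // throws IllegalStateException.
    if (ObjectInputFilter.Config.getSerialFilter() != null) {
      return;
    }
    ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(PATTERN);
    ObjectInputFilter.Config.setSerialFilter(filter);
  }
}
```

The filter applies to every ObjectInputStream in the worker JVM that has no stream-specific filter, not only to SerializableCoder, so the allow-list has to cover each library class the pipeline serializes. Run the pipeline against a test environment and widen the pattern for any class that is rejected with java.io.InvalidClassException.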