  1. Beam
  2. BEAM-9570

Update documentation to show how to use SerializableCoder more securely

Details

    • Improvement
    • Status: Open
    • P3
    • Resolution: Unresolved
    • None
    • None
    • sdk-java-core

    Description

      It's possible to make the use of SerializableCoder more secure by enforcing constraints on the deserialization process using jdk.serialFilter. This task is to update the documentation - from the mailing list:

       
      "With the JvmInitializer[1] being supported by Dataflow and the portable Java container, users would be able to write code which sets the system property jdk.serialFilter or by configuring ObjectInputFilter.Config.setSerialFilter(filter)[2]"
       
      This could become a documentation change to SerializableCoder.

      1: https://github.com/apache/beam/blob/master/sdks/java/core/src/main/java/org/apache/beam/sdk/harness/JvmInitializer.java
      2: https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-952E2328-AB66-4412-8B6B-3BCCB3195C25
       
      Ref: https://lists.apache.org/thread.html/rc08d21215ed0f228331dcec88ecd5fe45d452e778fdc20a44c938f8e%40%3Cdev.beam.apache.org%3E
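
One way to apply the suggestion from a JvmInitializer, as an added example that is not part of this issue or of Beam's code base. The class name, package, allow-list pattern and limit values are assumptions; it uses java.io.ObjectInputFilter (Java 9+) and assumes the auto-service annotation processor is on the build path.

```java
package com.example.beam; // hypothetical package

import com.google.auto.service.AutoService;
import java.io.ObjectInputFilter;
import org.apache.beam.sdk.harness.JvmInitializer;

/**
 * Installs a JVM-wide deserialization filter before the worker processes data.
 * JvmInitializer implementations are discovered through ServiceLoader;
 * @AutoService generates the META-INF/services entry for this class.
 */
@AutoService(JvmInitializer.class)
public class SerialFilterInitializer implements JvmInitializer {

  // Assumed allow-list: adjust it to the classes the pipeline really serializes.
  // The filter is JVM-wide, so it also applies to Beam's own use of Java
  // serialization (for example serialized DoFns), not only to elements
  // encoded with SerializableCoder.
  static final String PATTERN =
      "maxdepth=32;maxarray=1000000;" // resource limits, illustrative values
          + "java.base/*;"            // classes from the java.base module
          + "org.apache.beam.**;"     // Beam SDK classes
          + "com.example.beam.**;"    // hypothetical user package
          + "!*";                     // reject every other class

  @Override
  public void onStartup() {
    // Keep a filter already supplied with -Djdk.serialFilter=...; the
    // process-wide filter can be set only once, and a second call to
    // setSerialFilter throws IllegalStateException.
    if (ObjectInputFilter.Config.getSerialFilter() == null) {
      ObjectInputFilter.Config.setSerialFilter(
          ObjectInputFilter.Config.createFilter(PATTERN));
    }
  }
}
```

Once the filter is installed, deserializing a class outside the allow-list fails with java.io.InvalidClassException, so the pattern should be exercised against a full pipeline run before it is deployed. Setting the jdk.serialFilter system property from code only takes effect if it happens before ObjectInputFilter.Config is initialized, which is why this example calls setSerialFilter instead.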

            People

              Unassigned
              Colm O hEigeartaigh (coheigea)
              Votes: 0
              Watchers: 3

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 0.5h