
Oracle reveals issues in Object Serialization. Plans to drop it from core Java.


The Java team is planning to remove the Java Serialization feature from the core Java language, owing to security issues with the object serialization API.

What is Java’s Object Serialization feature?

The Serialization API converts a message (a Java object) in a data communication system into a sequence of bytes that can be processed further. That byte sequence, representing the object, is written to a file. The file can later be read and deserialized to recreate the message in memory.

Why is Oracle calling it a mistake?

Approximately one-third of all vulnerabilities in Java systems involve serialization.

Mark Reinhold, chief architect at Oracle, mentioned that Oracle has been receiving reports revealing security weaknesses in Java Serialization. They have found that many application servers receive serialization data streams on unprotected ports. Attackers can exploit this by sending a serialized object that the server deserializes to recreate the object.

Reinhold went further, calling the serialization feature a “horrible mistake” made in 1997.

To counteract these vulnerabilities, Oracle has added a filtering capability to Java as a defense mechanism for applications that use serialization over the network and receive untrusted data streams.

Oracle also mentioned its long-term plan to remove serialization from Java under Project Amber, which is focused on streamlining Java's release cycle and enhancing the productivity of the Java language in the Java 11 release.

Looking ahead

To continue supporting serialization in the Java language, Oracle is planning to add a new serialization feature that enables object serialization in a safe way. The framework will also be developed to support graphs and formats such as JSON or XML, so that any record can be serialized.

Published by
Pavan Ramchandani
