I gotten around the problems with using Object in my async apis by defining a api that declares the possible types (native & custom) as parameters so that they get included within the serialization policy.
Without that policy, anybody can pass any type in the response and it will be de-serialized - a huge security attack vector.On Mon, Sep 15, 2014 at 8:04 AM, Joseph Lust <lifeoflust@gmail.com> wrote:
Curious, is there a way to enable compiler logging to note just how many types you're RPC serializers are being compiled to handle? I think that might provide clarity into these blackbox situations and draw attention to the RPC type explosion problem from folks that would otherwise miss it.Joe--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
--
-- A. Stevko
===========
"If everything seems under control, you're just not going fast enough." M. Andretti
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment