13 lines
393 B
Plaintext
Allowing users to provide data for deserialization generally creates more
problems than it solves.

Anything that can be done through deserialization can generally be done with more
secure data structures. +
Therefore, our first suggestion is to avoid deserialization in the first
place.

However, if deserialization mechanisms are valid in your context, here are some
security suggestions.