This repository has been archived by the owner on Mar 5, 2019. It is now read-only.
Can we de/serialize in Python instead of C? #12
Comments
|
There isn't much in attack surface in those functions. It would also be pretty trivial to prevent this attack too (some simple bounds checking). |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently, we have
serializeanddeserializefunctions written in C.I'm of the mind that, in order to minimize the risk of heartbleed-esque side-channel attacks, it makes sense to write as much of the interfaces for our PRE as possible in Python instead of C.
However unlikely, isn't it possible that
serializecan be attacked by a buffer-overflow that we haven't considered?It is possible to write this in pure python?
The text was updated successfully, but these errors were encountered: