-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle untrusted input #122
Comments
Maybe I missed this, but what does the trusted/untrusted get you. Are the wins great enough that it justifies breaking everything? |
@jm4games The reason for this is that I am potentially reverting some partial safety measures in #123 . The problem is that there is a tradeoff between performance and dealing with untrusted input gracefully. Not sure, but I think that full support for untrusted deserialization will inolve making We could actually minimize breakage by having a different name for the class and exporting a constraint synonym |
Ok, I will have to take a look at 123. This only peeked my interest since I happen to have a lot of manual store instances :( |
As proposed here, the migration would only require you to add a bit of boilerplate per instance
would become
An alternative approach to consider for |
I ended up having a different reason for wanting a type parameter on every For now this change is experimental. It breaks the whole API, so I imagine that a polished up version of this that could be merged to this repo would attempt to minimize such breakage. |
I think that the
Store
class andPeek
/Poke
/Size
should all have an added type parameter or two which customizes the details of serialization. In particular, it should specify whether the input is trusted or untrusted, and whether architecture independent serialization should be used #36. Let's just focus on Trusted vs Untrusted for now.One tricky thing is handling boxed
Vector ()
. This is tricky because the size of()
is 0 when serialized, but when deserialized it takes up space. Haven't tried compiling this, but I think something roughly like the following could work alright (after enabling a zillion extensions):Main issue is that this is some seriously fancy type level stuff. Not 100% sure if the custom type error would work.
For some other things, like having extra checks for
Map
invariants, this would be handled by reifyingTrusted
as a value and using a conditional.The text was updated successfully, but these errors were encountered: