Open Rick-Anderson opened 4 years ago
I'm not sure if this is the best place to comment, but there is a rather strange suggestion that users should switch from `byte[]` serialization to `string` serialization (as the recommended alternatives) for reasons that have something to do with security. That is nonsense of course. You should really include a form of binary serialization as a suggested alternative. CBOR will do well, especially as there is such a serializer in dotnet/runtime now. Moving from `byte[]` to `string` formats should be a decision based on whether there is a need for human readability.
Moved from #19442
Topics we'll want to cover, with samples:
- `Exception` graphs
- `Type.GetType` calls

Docs we need to update because they give improper security guidance:
API:
See https://github.com/dotnet/dotnet-api-docs/pull/4508
dotnet repo:
previous-versions:
[ ] https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/5dxse167(v=vs.100) – clarifying that a TypeFilterLevel shouldn’t be used for security
Edit 9/13/23 - This article already contains the following Caution block. What else is needed here?
visualstudio:
Not on the list, but I added