saguziel / Kryptose

A password manager

Working out the remote communication protocol #6

Closed jnshi closed 9 years ago

jnshi commented 9 years ago

@saguziel We should meet up! https://www.google.com/calendar/embed?src=js2845%40cornell.edu&ctz=America/New_York&mode=week

AMarcedone commented 9 years ago

I saw the commit. What do you mean by blob? Will it be the same thing as a Request?


jnshi commented 9 years ago

No. Under the model where the server knows nothing about what the clients are storing except for "here is an encrypted block of stuff", the "blob" is the "encrypted block of stuff".

It should probably be moved to the org.kryptose package, honestly.


AMarcedone commented 9 years ago

I understand now. Thanks.

jnshi commented 9 years ago

It looks like RMI and raw socket communication are basically interchangeable, except:

1) Android does not support RMI by default.
2) RMI handles a bunch of things like server multithreaded request handling and "message" objects.
3) RMI is somewhat more complex, and it would take time to understand the security implications (looks like one of its "features" is allowing execution of arbitrary code on the server, when configured to).

Based on this information I'll have to lean toward using sockets to send Java serialized objects.

AMarcedone commented 9 years ago

I was gonna send a similar email. Agreed.

jnshi commented 9 years ago

Unfortunate discovery: it's apparently nearly impossible to validate deserialized Java objects properly. http://slightlyrandombrokenthoughts.blogspot.com/2010/07/why-complexpowerful-is-bad-combination.html

jnshi commented 9 years ago

Okay, after going through that article a bit more, it looks like the exploits it describes all require access to the Java classloader on the server side (they take advantage of uncontrolled ways that classes can interact with each other during deserialization, before the objects being read are fully deserialized). So not an immediate concern for us, but still kind of worrying, because now I'm not really sure what kind of guarantees we can expect from the deserialization process.

jnshi commented 9 years ago

Okay, never mind, this should not be a problem as long as we only serialize simple data structures (no cyclic references) and sternly validate things after the entire deserialization process is done.
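Added example, not Kryptose code, covering both the "sockets carrying Java serialized objects" decision and the closing point about validating after deserialization. It shows the two layers a practitioner would want on the server side: an `ObjectInputStream` subclass that rejects any class descriptor not on an allow list before the object is instantiated (so no `readObject`/`readResolve` of an unexpected class ever runs, which is where the exploits in the linked article live), and a plain validation pass that runs only after `readObject()` has returned the whole object. The `Request` message shape, the field names, the `MAX_BLOB_BYTES` limit and the username pattern are assumptions for this example; byte arrays stand in for the socket streams.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Serialized messages over a socket with class allow-listing during the read and checks after it. */
public final class SafeWireExample {
    private static final int MAX_BLOB_BYTES = 1 << 20; // assumed limit

    /** Assumed message shape: flat fields only, no references back into the object graph. */
    public static final class Request implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String username;
        public final String action; // "GET" or "PUT"
        public final byte[] blob;   // opaque ciphertext; null for GET

        public Request(String username, String action, byte[] blob) {
            this.username = username;
            this.action = action;
            this.blob = blob;
        }
    }

    /** Look-ahead deserialization: unexpected classes are refused before instantiation. */
    public static final class RestrictedObjectInputStream extends ObjectInputStream {
        private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            Request.class.getName(),
            "[B")); // JVM name for byte[]; String needs no entry, it is written as TC_STRING

        public RestrictedObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not permitted on the wire");
            }
            return super.resolveClass(desc);
        }
    }

    /** Semantic checks, run only after readObject() has returned the complete object. */
    public static Request validate(Request r) {
        if (r.username == null || !r.username.matches("[A-Za-z0-9_]{1,32}")) {
            throw new IllegalArgumentException("bad username");
        }
        if (!"GET".equals(r.action) && !"PUT".equals(r.action)) {
            throw new IllegalArgumentException("bad action");
        }
        if ("PUT".equals(r.action)) {
            if (r.blob == null || r.blob.length == 0 || r.blob.length > MAX_BLOB_BYTES) {
                throw new IllegalArgumentException("bad blob length");
            }
        } else if (r.blob != null) {
            throw new IllegalArgumentException("GET carries no blob");
        }
        return r;
    }

    /** Client side: the bytes that would go to socket.getOutputStream(). */
    public static byte[] encode(Serializable msg) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(msg);
        }
        return bos.toByteArray();
    }

    /** Server side: wrap socket.getInputStream() the same way. */
    public static Request decode(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new RestrictedObjectInputStream(new ByteArrayInputStream(wire))) {
            Object o = ois.readObject();
            if (!(o instanceof Request)) {
                throw new InvalidClassException("unexpected top-level object");
            }
            return validate((Request) o);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages.
        Request good = decode(encode(new Request("alice", "PUT", new byte[] {1, 2, 3})));
        System.out.println("accepted: " + good.username + " " + good.action);
        try { // a class we never expect on the wire: refused during the read
            decode(encode(new java.util.HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected during read: " + e.getMessage());
        }
        try { // well-formed object with bad content: refused after the read
            decode(encode(new Request("../etc", "PUT", new byte[] {1})));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected after read: " + e.getMessage());
        }
    }
}
```

The `resolveClass` override is the pre-JEP 290 way to do this; on Java 9 and later (and 8u121+), the same allow list can be expressed with `ObjectInputStream.setObjectInputFilter`, which also lets you cap array sizes and graph depth. Either way, keeping the message types to flat fields with no cycles is what makes the post-read `validate` step sufficient.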