fix grammar in security.md (#739)
AlbumenJ committed Feb 25, 2021
1 parent f7e21cf commit b9d39e28357ae89b844a7fce3b35d682b74b1741
Showing 1 changed file with 2 additions and 2 deletions.
@@ -10,8 +10,8 @@ weight: 90

## Deserialization Vulnerabilities
Dubbo supports the extension of serialization protocol. Theoretically, users can enable serialization protocol with arbitrary order based on the extension mechanism, which brings great flexibility, but at the same time, they should be aware of the potential security risks.
Data deserialization is one of the most vulnerable links to be exploited by attackers. Attackers use it to steal or destroy server-side data, such as rce attack. Before switching the serialization protocol or implementation, the user can,
We should fully investigate the security guarantee of target serialization protocol and its framework implementation, and set corresponding security measures in advance (such as setting Black / white list). The Dubbo framework itself cannot guarantee the security of the target serialization mechanism.
Data deserialization is one of the most vulnerable links to be exploited by attackers. Attackers use it to steal or destroy server-side data, such as rce attack.
Before switching the serialization protocol or implementation, the user should fully investigate the security guarantee of target serialization protocol and its framework implementation, and set corresponding security measures in advance (such as setting Black / white list). The Dubbo framework itself cannot guarantee the security of the target serialization mechanism.

Dubbo 2.7 The official version provides the following serialization protocols:
* Hessian2
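
Review bot: The replacement sentence "Attackers use it to steal or destroy server-side data, such as rce attack" still does not read correctly, because an RCE attack is not an example of server-side data and "rce" should be capitalised; something like "for example through a remote code execution (RCE) attack" would fix it in this same commit. In the next sentence, "setting Black / white list" needs lower case and an article, and since it is the only mitigation the paragraph names, a pointer to where that list is configured would make the advice actionable. The unchanged context lines "enable serialization protocol with arbitrary order" and "Dubbo 2.7 The official version provides" have the same kind of grammar problem and could be covered by this fix as well.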
