Security concerns for Any fields?


Peter JL

May 20, 2020, 1:13:35 PM
to Protocol Buffers
Hello, group -

I'm considering using an Any field in a service-to-service request object. This would allow clients to send arbitrary data to the server, which would dispatch requests to the appropriate event handler based on the Any's type information (achieving a kind of polymorphic dispatch). The server would log a warning and drop requests with unrecognized types. This approach would loosen coupling between system components, reduce the number of cross-component dependencies, and streamline the process of adding/removing new handlers.

My central question is: Are there security risks (or other significant problems) with this approach?

Thanks in advance!

Peter

Peter JL

May 20, 2020, 1:31:19 PM
to Protocol Buffers
Some further context:

An alternative to the use of Any would be Oneof. This would increase type safety, but would require the request object to maintain knowledge of all permitted types. Since requests will be used by multiple clients and multiple (related but different) servers, the request object could end up as a bloated multi-tenant maintenance problem. The goal of the Any would be to reduce these complexities.

Adam Cozzette

May 20, 2020, 4:06:51 PM
to Peter JL, Protocol Buffers
This approach sounds like it should work. As long as you have a limited set of expected types and you reject unrecognized ones, I can't think of any particular security issues with it.
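
The allowlist dispatch discussed in this thread, as an added example that is not part of the original posts: the server looks up the Any's type name in a fixed table, logs a warning and drops anything else, and only then parses the payload. It assumes the Python `protobuf` package is installed and uses the well-known types `StringValue` and `Duration` as stand-ins for real request messages; the handler names, logger name and size cap are hypothetical.

```python
import logging
from google.protobuf import any_pb2, duration_pb2, wrappers_pb2
from google.protobuf.message import DecodeError

log = logging.getLogger("any_dispatch")  # hypothetical logger name
MAX_PAYLOAD = 64 * 1024  # assumed size cap for one packed payload

# Hypothetical handlers; well-known types stand in for real request messages.
def handle_note(msg):
    return f"note:{msg.value}"

def handle_timeout(msg):
    return f"timeout:{msg.seconds}s"

# Allowlist: fully qualified type name -> (message class, handler).
ALLOWED = {
    wrappers_pb2.StringValue.DESCRIPTOR.full_name: (wrappers_pb2.StringValue, handle_note),
    duration_pb2.Duration.DESCRIPTOR.full_name: (duration_pb2.Duration, handle_timeout),
}

def dispatch(raw: bytes):
    """Return (status, result) for one serialized Any received from a client."""
    envelope = any_pb2.Any()
    try:
        envelope.ParseFromString(raw)
    except DecodeError:
        return ("rejected", "malformed envelope")
    # type_url is client-controlled: match it against the table, never resolve it.
    entry = ALLOWED.get(envelope.TypeName())
    if entry is None:
        # %r and truncation keep attacker-chosen text from polluting the log.
        log.warning("dropping Any with unrecognized type %r", envelope.type_url[:128])
        return ("rejected", "unrecognized type")
    if len(envelope.value) > MAX_PAYLOAD:
        return ("rejected", "payload too large")
    msg_cls, handler = entry
    msg = msg_cls()
    try:
        msg.ParseFromString(envelope.value)  # payload may not match its claimed type
    except DecodeError:
        return ("rejected", "malformed payload")
    return ("ok", handler(msg))

def pack(msg) -> bytes:
    """Client side: wrap a message in Any and serialize it."""
    envelope = any_pb2.Any()
    envelope.Pack(msg)
    return envelope.SerializeToString()
```

A payload that parses cleanly can still carry out-of-range or unexpected field values, so each handler validates its own message as it would any other untrusted input.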
