Subject: Please add a SECURITY docs section
Allowing serialization of objects is one of the best methods to take
over a remote server.
Serializers that allow deserialization of objects are unsafe.
JSON and Data::MessagePack are currently the only ones that do not
and are therefore regarded as safe.
This is a long explanation:
https://www.youtube.com/watch?v=Gzx6KlqiIZE
This is a shorter one:
http://www.masteringperl.org/2012/12/the-storable-security-problem/
This is a good sample paragraph:
http://perldoc.perl.org/Storable.html#SECURITY-WARNING
--
Reini Urban
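As an added illustration of the point in the report above (this is not code from the report, from Storable, or from any serializer module): a Perl check that walks a structure returned by Storable's thaw and rejects anything that is not plain data, i.e. any blessed reference, code ref or glob. The sample records are constructed here, and the class name Some::Class is hypothetical. The last lines show that a round trip through JSON::PP only ever yields plain hashes, arrays and scalars, which is why the report regards JSON as safe.

```perl
use strict;
use warnings;
use Storable qw(freeze thaw);
use Scalar::Util qw(blessed reftype);
use JSON::PP qw(encode_json decode_json);

# Recursively verify that a deserialized structure contains only plain data.
# Dies with a message naming the offending position; returns 1 when clean.
sub assert_plain_data {
    my ($node, $path) = @_;
    $path = '$data' unless defined $path;
    return 1 unless ref $node;                    # plain scalar: fine

    # A blessed reference is an object; thaw blesses into whatever class
    # name the byte stream carries, without asking the caller.
    if (blessed $node) {
        die "unsafe: blessed object (" . ref($node) . ") at $path\n";
    }
    my $type = reftype $node;
    if ($type eq 'CODE' || $type eq 'GLOB') {
        die "unsafe: $type reference at $path\n";
    }
    if ($type eq 'HASH') {
        assert_plain_data($node->{$_}, $path . '->{' . $_ . '}')
            for sort keys %$node;
    }
    elsif ($type eq 'ARRAY') {
        assert_plain_data($node->[$_], $path . '->[' . $_ . ']')
            for 0 .. $#{$node};
    }
    elsif ($type eq 'SCALAR' || $type eq 'REF') {
        assert_plain_data($$node, '${' . $path . '}');
    }
    return 1;
}

# Constructed sample input: a plain record, and a record blessed into a
# hypothetical class, both frozen with Storable as an untrusted peer could.
my $plain_blob   = freeze({ user => 'alice', roles => ['admin'] });
my $object       = bless { note => 'anything' }, 'Some::Class';
my $blessed_blob = freeze({ user => 'bob', extra => $object });

for my $blob ($plain_blob, $blessed_blob) {
    my $data = thaw($blob);                       # re-blesses on its own
    if (eval { assert_plain_data($data) }) {
        print "accepted\n";
    }
    else {
        print "rejected: $@";
    }
}

# JSON has no notion of objects: decode_json returns plain data only,
# so the same check always passes on its output.
my $json_data = decode_json(encode_json({ user => 'alice', roles => ['admin'] }));
print assert_plain_data($json_data) ? "json: accepted\n" : "json: rejected\n";
```

Running this prints "accepted" for the plain record, "rejected: unsafe: blessed object (Some::Class) at $data->{extra}" for the second, and "json: accepted" for the JSON round trip. The check is a post-hoc filter: the object has already been constructed by the time it runs, so it limits what reaches application code but does not stop class-level hooks that fire during thaw itself; choosing a format without object support, as the report recommends, avoids that entirely.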