
Java Object Serialization Specification: - Security in Object Serialization - JDK 5 Documentation v1.4.1, Java 2 SDK English documentation

Java Object Serialization Specification


A.4 Preventing Serialization of Sensitive Data

Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:

  • Declare the field as private transient.
  • Define the serialPersistentFields field of the class in question, and omit the field from the list of field descriptors.
  • Write a class-specific serialization method (i.e., writeObject or writeExternal) which does not write the field to the serialization stream (i.e., by not calling ObjectOutputStream.defaultWriteObject).
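The three techniques above side by side, as an added example that is not part of the specification: each class keeps a field named `secret` out of the stream by a different mechanism, and a small check serializes each instance and searches the resulting bytes for the secret. Class names, field values and the `streamContains` helper are constructed for this illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

// Constructed example (not from the specification): three ways to keep a
// field named "secret" out of the serialization stream, plus a check.

// 1. transient: ObjectOutputStream.defaultWriteObject() skips the field.
class TransientUser implements Serializable {
    private static final long serialVersionUID = 1L;
    String name = "alice";
    private transient String secret = "hunter2";
}

// 2. serialPersistentFields: only listed fields are written; "secret" is omitted.
class PersistentFieldsUser implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("name", String.class)
    };
    String name = "bob";
    private String secret = "hunter2";
}

// 3. Class-specific writeObject that never calls defaultWriteObject().
class CustomWriteUser implements Serializable {
    private static final long serialVersionUID = 1L;
    String name = "carol";
    private String secret = "hunter2";
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.writeUTF(name);            // write only the non-sensitive state
    }
    private void readObject(ObjectInputStream in) throws IOException {
        name = in.readUTF();           // mirror the custom format on read
    }
}

public class SensitiveFieldCheck {
    // Serialize o and report whether the secret's bytes appear anywhere in the stream.
    static boolean streamContains(Object o, String needle) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        // Strings are stored as modified UTF-8, so an ASCII secret would be visible verbatim.
        return new String(bos.toByteArray(), StandardCharsets.ISO_8859_1).contains(needle);
    }
    public static void main(String[] args) throws IOException {
        System.out.println("transient leaks: " + streamContains(new TransientUser(), "hunter2"));
        System.out.println("serialPersistentFields leaks: " + streamContains(new PersistentFieldsUser(), "hunter2"));
        System.out.println("custom writeObject leaks: " + streamContains(new CustomWriteUser(), "hunter2"));
    }
}
```

Removing any one of the three protections (the `transient` keyword, the `serialPersistentFields` array, or the custom `writeObject`) makes the corresponding check find the secret in the stream, which is the quickest way to confirm in a test suite that a sensitive field really is excluded.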


Copyright © 1997-2001 Sun Microsystems, Inc. All Rights Reserved.