当前页面: 在线文档首页 > JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档
CONTENTS | PREV | NEXT
Copyright © 1997-2001 Sun Microsystems, Inc. All Rights Reserved.
Java Object Serialization Specification: - Security in Object Serialization - JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档
| CONTENTS | PREV | NEXT | Java Object Serialization Specification |
A.4 Preventing Serialization of Sensitive Data
Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:
- Declare the field as private transient.
- Define the
serialPersistentFieldsfield of the class in question, and omit the field from the list of field descriptors.- Write a class-specific serialization method (i.e.,
writeObjectorwriteExternal) which does not write the field to the serialization stream (i.e., by not callingObjectOutputStream.defaultWriteObject).
CONTENTS | PREV | NEXT
Copyright © 1997-2001 Sun Microsystems, Inc. All Rights Reserved.