Can we deny a java object from serialization other than giving transient keyword

被撕碎了的回忆 2020-12-30 05:53

We can avoid serialising fields by using the transient keyword. Is there any other way of doing that?

4 answers
  •  上瘾入骨i
    2020-12-30 06:33

    http://java.sun.com/javase/6/docs/platform/serialization/spec/security.html

    SUMMARY: Preventing Serialization of Sensitive Data

    Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:

    1. Declare the field as private transient.
    2. Define the serialPersistentFields field of the class in question, and omit the field from the list of field descriptors.
    3. Write a class-specific serialization method (i.e., writeObject or writeExternal) which does not write the field to the serialization stream (i.e., by not calling ObjectOutputStream.defaultWriteObject).

    Here are some links.

    Declaring serialPersistentFields.

    Serialization architecture specification.

    Security in Object Serialization.
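Methods 2 and 3 from the quoted spec, as an added example (not code from the answer or from the Java documentation). The `Account` class, its field names and the sample values are constructed for illustration; `serialPersistentFields` whitelists `username`, and a custom `writeObject` writes only that field instead of calling `defaultWriteObject()`, so `password` never reaches the stream even though it is not `transient`.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

// Hypothetical class constructed for this example. It shows both
// non-transient techniques from the quoted spec: serialPersistentFields
// lists the only field that may be written, and writeObject writes that
// field itself instead of calling defaultWriteObject().
public class Account implements Serializable {
    private static final long serialVersionUID = 1L;
    private String username;
    private String password;   // sensitive: must never reach the stream

    // Method 2: only "username" is a persistent field, so even the
    // default mechanism would omit "password" without transient.
    private static final ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("username", String.class)
    };

    public Account(String username, String password) {
        this.username = username;
        this.password = password;
    }

    // Method 3: class-specific writeObject that writes only the allowed field.
    private void writeObject(ObjectOutputStream out) throws IOException {
        ObjectOutputStream.PutField fields = out.putFields();
        fields.put("username", username);
        out.writeFields();        // username only; password is never written
    }

    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        ObjectInputStream.GetField fields = in.readFields();
        username = (String) fields.get("username", null);
        password = null;          // absent from the stream; must be re-supplied
    }

    // Serializes a and reports whether the given text appears in the stream bytes.
    static boolean streamContains(Account a, String needle) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(a);
        }
        return new String(bytes.toByteArray(), StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        Account a = new Account("alice", "s3cr3t-example");   // constructed sample values
        System.out.println("password in stream? " + streamContains(a, "s3cr3t-example"));
        System.out.println("username in stream? " + streamContains(a, "alice"));
    }
}
```

Checking the serialized bytes for the secret, as `streamContains` does, is a cheap unit test to keep alongside any class that holds credentials.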
