Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Java Serialization

Tags:

java

serialization

effective-java

I posting a doubt that I came across reading Effective Java. I apologize if its a real simple and straight forward doubt. So in Item 74 - Implement Serializable judiciously, He is saying that even after implementing a good Information Hiding on your class using private and package private fields, it is prone to lose effectiveness? Whatever I read in the past was, all serialization does is, convert Objects into Byte Stream Form and After deserialization the same object is retained back. How does it lose Data Hiding in this process?

like image 420
t0mcat Avatar asked Nov 12 '10 16:11

t0mcat

People also ask

What is serialization in Java?

Serialization in Java is the process of converting the Java code Object into a Byte Stream, to transfer the Object Code from one Java Virtual machine to another and recreate it using the process of Deserialization.

Why do we need serialization in Java?

Serialization in Java allows us to convert an Object to stream that we can send over the network or save it as file or store in DB for later usage. Deserialization is the process of converting Object stream to actual Java Object to be used in our program.

What is serialization used for?

Serialization is the process of converting an object into a stream of bytes to store the object or transmit it to memory, a database, or a file. Its main purpose is to save the state of an object in order to be able to recreate it when needed.

What happens without serialization in Java?

What happens if you try to send non-serialized Object over network? When traversing a graph, an object may be encountered that does not support the Serializable interface. In this case the NotSerializableException will be thrown and will identify the class of the non-serializable object.

1 Answers

You could potentially have access to the value of the internal state of an object using serialization and deserialization.

By serializing an object, you might be able to read the values of the private fields that you otherwise shouldn't. Conversely, if you create a well-crafted byte array that you deserialize into an instance, you might be able to initialize it in an illegal state.

like image 97
candiru Avatar answered Nov 07 '22 13:11

candiru
Sign in to Comment

Related questions

Why is the FileInputStream read() not blocking?
How to URL encode JSF outputLink value
Where to find an overview of backed Collection methods/classes
difference between hash code and reference or address of an object?
Automate adding multiple "sections" to the manifest?
Scala object extends Java class static field
sqlite3 module for Jython
Is there a version of JUnit assertThat which uses the Hamcrest 'describeMismatch' functionality?
Can I wrap all JAX-RS requests with custom pre-dispatch, post-dispatch and error-handler code?
How to design extremely efficient function
How to handle 'this' reference in decorator pattern
How to perform unsigned to signed conversion in Java?
String encryption with Jasypt library
common java-function to create Maps from strings
Tuning the performance of reading a large InputStream in java
Does Spring JmsTemplate close connections by default?
How to upload Bitmap Image from a android device?
Which classes are absolutely necessary to get a Java VM running?
Can I distribute a JDK with my application?
JAXB and collections containing generics

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!