 

Reference integrity in BinaryFormatter

The existence of the AsReference option in protobuf-net and the word that BinaryFormatter is a "graph serializer" led me to assume that BinaryFormatter does not maintain references and that it makes a copy of every object.

But I did some tests and found out that all references in a single BinaryFormatter Serialize() or Deserialize() call are maintained even for recursive referencing.

Can I confirm that BinaryFormatter does indeed maintain references? How is this different from Protobuf-net? Seems like I understand "graph serialization" incorrectly? What else should I look out for?

Thanks in advance.

Jake asked Sep 20 '11 01:09



1 Answer

tl;dr version: BinaryFormatter always preserves references.

The fact that BinaryFormatter is a "graph serializer" is synonymous with "it preserves references", since that is required to accurately reproduce a graph. The alternative is a tree serializer (which is most of them; XmlSerializer, DataContractSerializer (without a particular option enabled), JavascriptSerializer and protobuf-net without AsReference are all tree-based). Tree serializers do not generally preserve references (unless they work some tricks, i.e. what DataContractSerializer does if you enable full-graph mode, or protobuf-net does with AsReference). Tree serializers (without voodoo enabled) tend to explode in a mess with a recursive model, which makes them easy to spot.

Marc Gravell answered Oct 07 '22 11:10
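The graph-versus-tree distinction the answer describes, as an added example (this is editor-written code, not code from the question or answer). It builds a two-node cycle and a "diamond" with one shared child, then shows that BinaryFormatter brings the cycle back as the same two objects, while XmlSerializer (a tree serializer) refuses the cycle outright and silently duplicates the shared child. The `Node` class and the `GraphDemo` helpers are assumptions made for the example. One caveat that matters more than the reference semantics: BinaryFormatter deserializes arbitrary types from the payload and is a well-known remote-code-execution sink on untrusted input; it is obsolete and disabled by default in .NET 5 and later, so this sample is meant for a .NET Framework 4.x target and for data you produced yourself.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Xml.Serialization;

// Hypothetical node type for the example. Public fields and a public
// parameterless constructor keep both serializers happy.
[Serializable]
public class Node
{
    public string Name;
    public Node Left;
    public Node Right;
}

public static class GraphDemo
{
    // a.Left -> b, b.Left -> a : a recursive (cyclic) model.
    static Node BuildCycle()
    {
        var a = new Node { Name = "a" };
        var b = new Node { Name = "b", Left = a };
        a.Left = b;
        return a;
    }

    // root.Left and root.Right are the same object: shared, but not cyclic.
    static Node BuildDiamond()
    {
        var shared = new Node { Name = "shared" };
        return new Node { Name = "root", Left = shared, Right = shared };
    }

    // Graph serializer: object identity survives the round trip, so the
    // clone's cycle closes on the clone itself rather than on a third copy.
    // SECURITY: BinaryFormatter executes type loading and constructors chosen
    // by the payload. Only ever feed it bytes you serialized yourself.
    public static bool BinaryFormatterPreservesReferences()
    {
#pragma warning disable SYSLIB0011 // BinaryFormatter is obsolete
        var bf = new BinaryFormatter();
        using var ms = new MemoryStream();
        bf.Serialize(ms, BuildCycle());
        ms.Position = 0;
        var clone = (Node)bf.Deserialize(ms);
#pragma warning restore SYSLIB0011
        return ReferenceEquals(clone, clone.Left.Left);
    }

    // Tree serializer on a cycle: XmlSerializer walks references naively,
    // detects the recursion and throws InvalidOperationException
    // ("A circular reference was detected ...").
    public static bool XmlSerializerRejectsCycle()
    {
        var xs = new XmlSerializer(typeof(Node));
        try
        {
            xs.Serialize(TextWriter.Null, BuildCycle());
            return false;
        }
        catch (InvalidOperationException)
        {
            return true;
        }
    }

    // Tree serializer on a shared child: no error, but the shared node is
    // written twice and comes back as two distinct objects.
    public static bool XmlSerializerDuplicatesSharedReference()
    {
        var xs = new XmlSerializer(typeof(Node));
        using var ms = new MemoryStream();
        xs.Serialize(ms, BuildDiamond());
        ms.Position = 0;
        var clone = (Node)xs.Deserialize(ms);
        return clone.Left.Name == "shared"
            && clone.Right.Name == "shared"
            && !ReferenceEquals(clone.Left, clone.Right);
    }

    public static void Main()
    {
        Console.WriteLine($"BinaryFormatter keeps identity across a cycle: {BinaryFormatterPreservesReferences()}");
        Console.WriteLine($"XmlSerializer rejects the cycle:               {XmlSerializerRejectsCycle()}");
        Console.WriteLine($"XmlSerializer copies the shared child:         {XmlSerializerDuplicatesSharedReference()}");
    }
}
```

All three checks print `True`. The duplicated-child case is the one that bites quietly: a tree serializer will not fail on a DAG, it will just fan the shared object out into copies, so identity-based logic (caches, visited sets, mutable shared state) breaks after a round trip without any exception to point at it.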