Java Object Serialization Specification


A.3 Security Issues

Naive use of object serialization may allow a malicious party with access to the serialization byte stream to read private data, create objects with illegal or dangerous state, or obtain references to the private fields of deserialized objects. Implementors concerned with security should be aware of the following implications of serialization:
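The three risks named above can be countered in the class itself. The following is an added example, not part of the specification; the `Session` class and its fields are hypothetical. It keeps private data out of the stream with `transient`, rejects illegal state in `readObject`, and defensively copies mutable fields so that whoever produced the stream holds no reference to the object's internals.

```java
import java.io.*;
import java.util.Date;

// Hypothetical class, constructed for illustration only.
public final class Session implements Serializable {
    private static final long serialVersionUID = 1L;

    private final String user;
    private Date start;               // mutable: copied on the way in and out
    private Date end;                 // invariant: start <= end
    private transient char[] secret;  // transient: never written to the stream

    public Session(String user, Date start, Date end, char[] secret) {
        this.user = user;
        this.start = new Date(start.getTime());
        this.end = new Date(end.getTime());
        this.secret = secret.clone();
        check();
    }

    private void check() {
        if (user == null || user.isEmpty() || start.after(end))
            throw new IllegalArgumentException("invalid Session state");
    }

    // Treat the byte stream as untrusted input: copy first, then validate.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (start == null || end == null)
            throw new InvalidObjectException("missing date");
        start = new Date(start.getTime());  // drop any reference shared via the stream
        end = new Date(end.getTime());
        try { check(); }
        catch (IllegalArgumentException e) { throw new InvalidObjectException(e.getMessage()); }
    }

    public Date getStart() { return new Date(start.getTime()); }

    public static void main(String[] args) throws Exception {
        Session s = new Session("alice", new Date(0), new Date(1000), "pw".toCharArray());
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            Session r = (Session) in.readObject();
            System.out.println("start=" + r.getStart().getTime() + " secret=" + r.secret);
        }
    }
}
```

The copies are made with `new Date(...)` rather than `clone()` because a stream can supply a subclass of `Date` whose `clone()` is not trustworthy.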



Copyright © 1997-2001 Sun Microsystems, Inc. All Rights Reserved.