35 Java Serialization Protecting sensitive information using SHA1 Code Demo 2
backstreetbrogrammer - Chapter 15: Serialization - Protecting sensitive information using SHA1 (Code Demo 2)

When developing a class that provides controlled access to resources, care must be taken to protect sensitive information and functions. During deserialization, the private state of the object is restored from the stream. To avoid compromising a class, the sensitive state of an object must either not be restored from the stream at all, or it must be re-verified by the class after it is read. The easiest technique is to mark fields that contain sensitive data as private transient. Transient fields are not persistent and will not be saved by any persistence mechanism. Marking the field this way prevents its state from appearing in the stream and from being restored during deserialization. Since writing and reading (of private fields) cannot be superseded out
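The following is an added example, not the course's own demo code: a user record whose plaintext password is private transient so it never enters the serialized stream. It assumes (as an illustration of the chapter's SHA1 theme, not a reproduction of the demo) that a SHA-1 digest of the password is the persistent field the deserialized object verifies against; the class name, field names and sample values are constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example: sensitive plaintext is transient, only a digest is persisted.
// SHA-1 is used here because the chapter does; for real password storage a salted,
// slow hash (PBKDF2, bcrypt, Argon2) belongs in its place.
public class User implements Serializable {
    private static final long serialVersionUID = 1L;

    private final String username;
    private transient String password;   // sensitive: excluded from the stream, null after readObject
    private final byte[] passwordHash;   // persistent: what the restored object verifies against

    public User(String username, String password) {
        this.username = username;
        this.password = password;
        this.passwordHash = sha1(password);
    }

    static byte[] sha1(String s) {
        try {
            return MessageDigest.getInstance("SHA-1").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Re-verification path: compare digests in constant time instead of trusting restored state.
    public boolean verify(String candidate) {
        return MessageDigest.isEqual(passwordHash, sha1(candidate));
    }

    public String getPassword() { return password; }

    // Round-trip through a byte array to inspect what the stream contains and what survives.
    public static void main(String[] args) throws Exception {
        User u = new User("alice", "s3cret");   // constructed sample values
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(u); }
        String stream = new String(bos.toByteArray(), StandardCharsets.ISO_8859_1);
        System.out.println("plaintext present in stream: " + stream.contains("s3cret"));

        User back;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            back = (User) in.readObject();
        }
        System.out.println("password field after deserialization: " + back.getPassword());
        System.out.println("verify(\"s3cret\") on restored object: " + back.verify("s3cret"));
    }
}
```

Running it shows the transient field is absent from the stream and null after deserialization, while the hash still lets the restored object check a candidate password.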