A.4 Preventing Serialization of Sensitive Data
Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:
- Declare the field as private transient.
- Define the serialPersistentFields field of the class in question, and omit the field from the list of field descriptors.
- Write a class-specific serialization method (i.e., writeObject or writeExternal) that does not write the field to the serialization stream (i.e., by not calling ObjectOutputStream.defaultWriteObject).
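The three approaches side by side, as an added example that is not part of the specification: each class holds a `password` field, and a helper serializes the object and checks whether the secret's bytes ever reach the stream (class names and the sample secret are constructed for this demonstration).

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SensitiveFieldDemo {
    // 1. transient: default serialization skips the field entirely.
    static class TransientUser implements Serializable {
        private static final long serialVersionUID = 1L;
        String name;
        private transient String password;
        TransientUser(String n, String p) { name = n; password = p; }
    }

    // 2. serialPersistentFields: only the listed field descriptors are written.
    static class PersistentFieldsUser implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final ObjectStreamField[] serialPersistentFields = {
            new ObjectStreamField("name", String.class)
        };
        String name;
        private String password; // omitted from the descriptor list, so never serialized
        PersistentFieldsUser(String n, String p) { name = n; password = p; }
    }

    // 3. Class-specific writeObject that never calls defaultWriteObject.
    static class CustomWriteUser implements Serializable {
        private static final long serialVersionUID = 1L;
        String name;
        private String password;
        CustomWriteUser(String n, String p) { name = n; password = p; }
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.writeUTF(name); // only the non-sensitive field goes to the stream
        }
        private void readObject(ObjectInputStream in) throws IOException {
            name = in.readUTF(); // password is left null on the receiving side
        }
    }

    // Serialize obj and report whether the secret's bytes show up in the stream.
    static boolean streamContains(Serializable obj, String secret) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(obj); }
        return new String(bos.toByteArray(), StandardCharsets.ISO_8859_1).contains(secret);
    }

    public static void main(String[] args) throws IOException {
        String secret = "s3cret-constructed"; // constructed sample value, not a real credential
        System.out.println("transient leaks:   " + streamContains(new TransientUser("alice", secret), secret));
        System.out.println("persistent leaks:  " + streamContains(new PersistentFieldsUser("alice", secret), secret));
        System.out.println("writeObject leaks: " + streamContains(new CustomWriteUser("alice", secret), secret));
    }
}
```

Dropping the `transient` modifier, the `serialPersistentFields` entry, or the custom `writeObject` from any one class makes the corresponding check report that the secret is present in the stream.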