
Reading member values from Java objects serialized to disc without the classes

Developer https://www.devze.com 2023-02-20 19:10 Source: Internet
Is it possible to read member values from Java objects that were serialized to disc without the classes of the objects?

I think this is a big NO, IT'S NOT POSSIBLE -- but I'd like to know for sure.


Sure it is possible - you just have to reimplement anything that ObjectInputStream does, skipping the parts you don't want.

The Java Object Serialization Specification contains a chapter, "Object Serialization Stream Protocol", which contains everything you need to know.

So, if your question is "Can I be sure that nobody can access the content of my objects without deserializing the whole objects?", the answer is No. See also the appendix A, "Security in Object Serialization", which elaborates on this a bit.
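
As an added illustration of the answer above (not part of the original post), this Python reader follows the Object Serialization Stream Protocol to recover field values from a serialized object with no JVM and no class files. The `Account` class, its fields and the `SAMPLE` bytes are constructed for the example; the reader handles only plain `Serializable` classes whose fields are primitives, `String` or null, and rejects anything else.

```python
import io, struct
# Field type code -> big-endian struct for each Java primitive.
PRIM = {c: struct.Struct(">" + f) for c, f in zip("BCDFIJSZ", "bHdfiqh?")}

def _utf(s):                          # u2 length, then the bytes
    (n,) = struct.unpack(">H", s.read(2))
    return s.read(n).decode("utf-8")

def _class_desc(s):                   # [(class, [(code, field)])], superclass first
    tag = s.read(1)
    if tag == b"\x70":                # TC_NULL ends the superclass chain
        return []
    if tag != b"\x72":                # only new TC_CLASSDESC entries handled
        raise ValueError("unsupported class descriptor tag %r" % tag)
    name, _uid = _utf(s), s.read(8)   # serialVersionUID is not needed
    if s.read(1) != b"\x02":          # SC_SERIALIZABLE, no writeObject data
        raise ValueError("unsupported class flags")
    fields = []
    for _ in range(struct.unpack(">H", s.read(2))[0]):
        code, fname = s.read(1).decode(), _utf(s)
        if code in "L[":              # object/array: type-name string follows
            if s.read(1) != b"\x74":
                raise ValueError("expected TC_STRING type name")
            _utf(s)
        fields.append((code, fname))
    if s.read(1) != b"\x78":          # TC_ENDBLOCKDATA: no class annotations
        raise ValueError("class annotations not supported")
    return _class_desc(s) + [(name, fields)]

def read_fields(data):
    s, out = io.BytesIO(data), {}
    if s.read(5) != b"\xac\xed\x00\x05\x73":    # magic, version, TC_OBJECT
        raise ValueError("not a serialized Java object")
    for cname, fields in _class_desc(s):        # values follow in this order
        for code, fname in fields:
            if code in PRIM:
                (val,) = PRIM[code].unpack(s.read(PRIM[code].size))
            else:
                tag = s.read(1)
                if tag not in (b"\x70", b"\x74"):   # TC_NULL or TC_STRING
                    raise ValueError("unsupported value tag %r" % tag)
                val = _utf(s) if tag == b"\x74" else None
            out[cname + "." + fname] = val
    return out

# Constructed sample: class Account { int balance; String secret; }
SAMPLE = (b"\xac\xed\x00\x05\x73\x72\x00\x07Account"
          b"\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x02"
          b"I\x00\x07balance" b"L\x00\x06secret\x74\x00\x12Ljava/lang/String;"
          b"\x78\x70" b"\x00\x00\x04\xd2" b"\x74\x00\x06s3cr3t")
```

`read_fields(SAMPLE)` returns both values, including a field that would be `private` in Java, which is why sensitive fields should be marked `transient` or the stream itself encrypted.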
