How to make DataContractSerializer safer?

Developer https://www.devze.com 2022-12-19 09:08 Source: Internet
I ran into a scenario recently where one of our devs added an object to our data contract that was not marked as a data member. We are using the DataContractSerializer to store a configuration file for a piece of hardware we are controlling. The serialize operation did not succeed, obviously.

The major problem this uncovered was that the configuration file got destroyed during the process. Does anyone know of a way to make sure the object graph will serialize prior to trying to serialize it?

The stack trace from the serialization exception fails at a call to XmlObjectSerializerContext.CheckIfTypeSerializable(..). I'm wondering if there is something like this that I can use prior to trying to serialize.

I would like to avoid having to stream the graph to memory and then to file, but I guess this would work...

Any suggestions?


Scott, I think you mean that serialize succeeded, but *de*serialize didn't succeed. If you add an additional data member but forgot to annotate it, the serializer would just ignore it during serialization. Also, if it sees an additional member during deserialization, it will throw if you're requiring strict schema validity or requiring the member to be present; but otherwise, it will simply not parse that value and move on.

There are a few ways to handle this -- using IExtensibleDataObject, requiring DataMembers, using surrogates, etc. See http://msdn.microsoft.com/en-us/library/ms731138.aspx [Data Contract Versioning] and http://msdn.microsoft.com/en-us/library/ms731083.aspx [Forward-Compatible Data Contracts] for more specific guidance.

Hope this helps!
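
The idea raised in the question (serialize somewhere else first, then write the real file), as an added example that is not part of the original post or answer: it writes to a temporary file, checks that the output deserializes, and only then swaps it over the existing configuration file. `HardwareConfig`, `SafeConfigWriter`, the sample values and the `.tmp`/`.bak` suffixes are assumptions made for illustration.

```csharp
using System.IO;
using System.Runtime.Serialization;
using System.Xml;

// Hypothetical contract standing in for the hardware configuration type.
[DataContract]
public class HardwareConfig
{
    [DataMember] public string PortName { get; set; }
    [DataMember] public int BaudRate { get; set; }
}

public static class SafeConfigWriter
{
    // Serializes to a temp file, reads it back, then replaces the real file.
    // On any exception the existing file at 'path' is left untouched.
    public static void Save<T>(T graph, string path)
    {
        var serializer = new DataContractSerializer(typeof(T));
        string tempPath = path + ".tmp"; // same directory, so same volume
        try
        {
            using (var stream = new FileStream(tempPath, FileMode.Create, FileAccess.Write, FileShare.None))
            {
                using (var writer = XmlWriter.Create(stream))
                {
                    // Throws here if the graph cannot be serialized.
                    serializer.WriteObject(writer, graph);
                }
                stream.Flush(true); // push the bytes to disk before the swap
            }
            using (var stream = File.OpenRead(tempPath))
            {
                serializer.ReadObject(stream); // throws if the output does not deserialize
            }
            if (File.Exists(path))
                File.Replace(tempPath, path, path + ".bak"); // keeps the previous file as a backup
            else
                File.Move(tempPath, path);
        }
        catch
        {
            if (File.Exists(tempPath)) File.Delete(tempPath);
            throw;
        }
    }

    // Constructed sample values, for a stand-alone run.
    public static void Main() { Save(new HardwareConfig { PortName = "COM3", BaudRate = 9600 }, "config.xml"); }
}
```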
