We can use the transient keyword to keep a field from being serialized.
Are there any other ways?
Solution
http://java.sun.com/javase/6/docs/platform/serialization/spec/security.html

SUMMARY: Preventing Serialization of Sensitive Data

Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:
- Declare the field as private transient.
- Define the serialPersistentFields field of the class in question, and omit the field from the list of field descriptors.
- Write a class-specific serialization method (i.e., writeObject or writeExternal) which does not write the field to the serialization stream (i.e., by not calling ObjectOutputStream.defaultWriteObject).
Here are some links.
Declaring serialPersistentFields.
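The three techniques quoted from the spec, as an added example that is not part of the original answer; the class, field and sample values (SerializationDemo, user, password, "s3cret") are constructed for illustration. Each object is serialized to a byte array and the raw bytes are scanned for the secret, so you can see for yourself which approaches keep it out of the stream:

```java
import java.io.*;
// Added example (not from the original post): the three techniques from the
// spec, each verified by scanning the raw serialized bytes for the secret.
public class SerializationDemo {
    static final String SECRET = "s3cret"; // constructed sample value
    // 1) transient: default serialization skips the field.
    static class WithTransient implements Serializable {
        private static final long serialVersionUID = 1L;
        String user = "alice";
        private transient String password = SECRET;
    }
    // 2) serialPersistentFields: only listed fields get a descriptor;
    //    "password" is left out, so it is never written.
    static class WithPersistentFields implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final ObjectStreamField[] serialPersistentFields = {
            new ObjectStreamField("user", String.class)
        };
        String user = "alice";
        private String password = SECRET;
    }
    // 3) class-specific writeObject that never calls defaultWriteObject,
    //    so field modifiers do not matter; readObject mirrors it.
    static class WithWriteObject implements Serializable {
        private static final long serialVersionUID = 1L;
        String user = "alice";
        private String password = SECRET;
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.writeUTF(user);            // write only non-sensitive state
        }
        private void readObject(ObjectInputStream in) throws IOException {
            user = in.readUTF();           // password stays null after reading
        }
    }
    // Serialize obj and report whether the secret appears in the stream.
    static boolean leaks(Serializable obj) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        return new String(buf.toByteArray(), "ISO-8859-1").contains(SECRET);
    }
    public static void main(String[] args) throws IOException {
        System.out.println("transient leaks:              " + leaks(new WithTransient()));
        System.out.println("serialPersistentFields leaks: " + leaks(new WithPersistentFields()));
        System.out.println("writeObject leaks:            " + leaks(new WithWriteObject()));
    }
}
```

All three print false; removing the transient modifier, the serialPersistentFields array, or the custom writeObject from the respective class flips that class to true, which is a quick way to confirm the protection is actually in effect after a refactor.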