Copyright © 2001 Qusay H. Mahmoud
Security in Object Serialization
Consider the following snippet of code:

    public class PasswordFile implements Serializable {
        private String passwd;
        …
    }
If we serialize this object, the password is written in the clear to whatever stream the ObjectOutputStream is attached to (a file, a socket, a cache), because:

Object Serialization has access to all instance variables, including private ones, within a serializable class. The private modifier is enforced by the compiler and the verifier on code that references the field; it does not restrict the serialization machinery, which writes every non-static, non-transient field of a Serializable class. A field that must not leave the JVM has to be declared transient (or excluded through a custom writeObject method or serialPersistentFields); otherwise its value ends up in the stream.
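The following program, an added example that is not part of the original slides, shows both halves of the point: the private field of the PasswordFile class above appears byte-for-byte in the serialized stream, while a second class (SafePasswordFile, an assumed name introduced here) that marks the field transient leaves nothing of the secret in the stream. The password value "hunter2" is a constructed sample.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class SerializationLeakDemo {

    // The class from the slide: a private field is still serialized.
    static class PasswordFile implements Serializable {
        private static final long serialVersionUID = 1L;
        private String passwd;
        PasswordFile(String passwd) { this.passwd = passwd; }
    }

    // Hardened variant (assumed name): transient fields are skipped by
    // default serialization, so the secret never reaches the stream.
    static class SafePasswordFile implements Serializable {
        private static final long serialVersionUID = 1L;
        private String owner;
        private transient String passwd;
        SafePasswordFile(String owner, String passwd) {
            this.owner = owner;
            this.passwd = passwd;
        }
        String getOwner() { return owner; }
        String getPasswd() { return passwd; }
    }

    // Serialize any object to an in-memory byte array.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // True if needle occurs contiguously inside haystack. Java writes
    // String fields with modified UTF-8, so an ASCII secret appears verbatim.
    static boolean containsBytes(byte[] haystack, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= haystack.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (haystack[i + j] != needle[j]) continue outer;
            }
            return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String password = "hunter2"; // constructed sample value
        byte[] secret = password.getBytes(StandardCharsets.UTF_8);

        byte[] leaky = serialize(new PasswordFile(password));
        byte[] safe = serialize(new SafePasswordFile("alice", password));

        System.out.println("private field present in stream:   " + containsBytes(leaky, secret));
        System.out.println("transient field present in stream: " + containsBytes(safe, secret));

        // Round-trip the hardened object: the owner survives, the secret does not.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(safe))) {
            SafePasswordFile back = (SafePasswordFile) ois.readObject();
            System.out.println("owner after readObject:  " + back.getOwner());
            System.out.println("passwd after readObject: " + back.getPasswd());
        }
    }
}
```

Compile and run with `javac SerializationLeakDemo.java && java SerializationLeakDemo`. The first scan finds the password inside the stream produced from PasswordFile; the second scan, over the stream produced from SafePasswordFile, does not, and after deserialization the transient field comes back as null. Grepping a serialized artifact for a known secret, as containsBytes does, is a cheap check worth adding to tests for any Serializable class that holds credentials.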