36 - Java Serialization - Protecting sensitive information using SHA1 - Code Demo 3
@backstreetbrogrammer
--------------------------------------------------------------------------------
Chapter 15 - Serialization - Protecting sensitive information using SHA1 - Code Demo 3
--------------------------------------------------------------------------------
When developing a class that provides controlled access to resources, care must be taken to protect sensitive information and functions.
During deserialization, the private state of the object is restored.
To avoid compromising a class, the sensitive state of an object must not be restored from the stream, or it must be re-verified by the class.
The easiest technique is to mark fields that contain sensitive data as private transient.
Transient fields are not persistent and will not be saved by any persistence mechanism.
Marking the field will prevent the state from appearing in the stream and from being restored during deserialization.
Since writing and reading (of private fields) cannot be superseded out
24 minutes ago 01:23:00 1
14 hours ago 05:41:47 1
1 day ago 00:42:40 1
2 days ago 00:05:08 1
2 days ago 00:00:00 5
2 days ago 00:20:21 4
3 days ago 01:42:23 1
3 days ago 00:13:43 3
4 days ago 01:38:20 248
5 days ago 00:49:59 1
5 days ago 00:05:37 1
5 days ago 00:47:07 1
5 days ago 00:23:18 1
6 days ago 01:30:31 85
1 week ago 01:56:19 11
1 week ago 00:08:30 1
1 week ago 00:42:14 4
1 week ago 03:07:51 118
1 week ago 02:36:15 1
1 week ago 00:35:41 4
2 weeks ago 00:03:17 1
2 weeks ago 00:10:03 1
2 weeks ago 00:41:19 1
2 weeks ago 00:14:50 3
