为了防止在J2EE应用框架高负载下导致程序崩溃或安全风险,即使类未显式序列化,其字段也应声明为transient或实现Serializable。不遵循此规则可能会因非序列化数据成员而导致问题。
Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That's because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
