...
```java
ObjectOutputStream oos = new ObjectOutputStream(
    new FileOutputStream("SerialOutput"));
oos.writeObject(someObject);
oos.flush();
```
...
Serialization captures all the fields of an object whose class implements the Serializable interface, including the non-public fields that are normally inaccessible. If the byte stream to which the serialized values are written is readable, the values of those normally inaccessible fields can be deduced. Moreover, it may be possible to modify or forge the preserved values so that when the object is deserialized, the restored values are corrupted.
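The following added example (not part of the guideline's own code) makes this concrete: a hypothetical `LeakyCredential` class keeps its `secret` field private, yet the plain-text value shows up in the serialized byte stream, whereas marking the field `transient` in `GuardedCredential` keeps it out of the stream entirely. The class names and the constructed value "hunter2" are assumptions for the demonstration; the stream is written to memory instead of a file so the bytes can be inspected.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SerializationLeakDemo {

    // Hypothetical class: 'secret' is private but not transient, so it is written.
    static class LeakyCredential implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String username;
        private final String secret;
        LeakyCredential(String username, String secret) {
            this.username = username;
            this.secret = secret;
        }
    }

    // Same shape, but the sensitive field is transient: default serialization
    // skips it, and it reads back as null after deserialization.
    static class GuardedCredential implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String username;
        private transient String secret;
        GuardedCredential(String username, String secret) {
            this.username = username;
            this.secret = secret;
        }
    }

    // Serialize to memory rather than a file and hand back the raw bytes.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Strings are written as modified UTF-8, so ASCII text is searchable as-is.
    static boolean streamContains(byte[] stream, String needle) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws IOException {
        byte[] leaky = serialize(new LeakyCredential("alice", "hunter2"));
        byte[] guarded = serialize(new GuardedCredential("alice", "hunter2"));
        System.out.println("private field visible in stream: " + streamContains(leaky, "hunter2"));
        System.out.println("transient field visible in stream: " + streamContains(guarded, "hunter2"));
    }
}
```

Marking a field `transient` only removes it from the stream; if the value must survive serialization, it has to be protected some other way (for example by encrypting it in a custom `writeObject` method) before it is written.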
...