...
| Code Block | ||
|---|---|---|
| ||
final class BadSer implements Serializable {
File f;
public BadSer() throws FileNotFoundException {
f = new File("c:\\filepath\\filename");
}
}
|
Compliant Soluton
This compliant solution shows a final class Ser that does not implement java.io.Serializable. Consequently, the File object cannot be serialized.
| Code Block | ||
|---|---|---|
| ||
final class Ser {
File f;
public BadSer() throws FileNotFoundException {
f = new File("c:\\filepath\\filename");
}
}
|
Compliant Solution
This compliant solution declares the File object transient. Consequently, the file path is not exposed.
...