...
Wiki Markup |
---|
\[[JLS 05|AA. Java References#JLS 05]\] [Transient modifier|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020] \[[SCG 07|AA. Java References#SCG 07]\] Guideline 5-1 Guard sensitive data during serialization \[[Sun 06|AA. Java References#Sun 06]\] "Serialization specification: A.4 Preventing Serialization of Sensitive Data" \[[Harold 99|AA. Java References#Harold 99]\] \[[Long 05|AA. Java References#Long 05]\] Section 2.4, Serialization \[[Greanier 00|AA. Java References#Greanier 00]\] [Discover the secrets of the Java Serialization API|http://java.sun.com/developer/technicalArticles/Programming/serialization/] \[[Bloch 05|AA. Java References#Bloch 05]\] Puzzle 83: Dyslexic Monotheism \[[Bloch 01|AA. Java References#Bloch 01]\] Item 1: Enforce the singleton property with a private constructor \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 502|http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data", [CWE ID 499|http://cwe.mitre.org/data/definitions/499.html] "Serializable Class Containing Sensitive Data" |
...
SER03SER02-J. Extendable classes should not declare readResolve() and writeReplace() private or static 14. Serialization (SER) SER31-J. Validate deserialized objects