Comment: added CWE reference

...

\[[JLS 05|AA. Java References#JLS 05]\] [Transient modifier|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#37020]
\[[SCG 07|AA. Java References#SCG 07]\] Guideline 5-1 Guard sensitive data during serialization
\[[Harold 99|AA. Java References#Harold 99]\]
\[[Long 05|AA. Java References#Long 05]\] Section 2.4, Serialization
\[[Greanier 00|AA. Java References#Greanier 00]\] [Discover the secrets of the Java Serialization API|http://java.sun.com/developer/technicalArticles/Programming/serialization/]
\[[Bloch 05|AA. Java References#Bloch 05]\] Puzzle 83: Dyslexic Monotheism
\[[Bloch 01|AA. Java References#Bloch 01]\] Item 1: Enforce the singleton property with a private constructor
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 502|http://cwe.mitre.org/data/definitions/502.html] "Deserialization of Untrusted Data", [CWE ID 499|http://cwe.mitre.org/data/definitions/499.html] "Serializable Class Containing Sensitive Data"

...
