...
Refer to guideline SEC08-J. Protect sensitive operations with security manager checks to learn about implementing the performSecurityManagerCheck() method. As with guideline SER04-J. Validate deserialized objects, it is important to protect against the finalizer attack.
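The following is an added illustration, not code from the CERT page, of what duplicating the SecurityManager check during serialization looks like: the same performSecurityManagerCheck() called by the constructor is repeated in writeObject() and readObject(), and the class is declared final so that a malicious subclass cannot override finalize() to capture a partially deserialized instance when readObject() throws. The class SensitiveState and the permission SensitiveStatePermission are assumptions for the example; note that SecurityManager is deprecated for removal since Java 17.

```java
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.BasicPermission;

// Hypothetical permission guarding the sensitive state held by this class.
final class SensitiveStatePermission extends BasicPermission {
    private static final long serialVersionUID = 1L;
    SensitiveStatePermission(String name) { super(name); }
}

// Declared final so no subclass can override finalize() and resurrect an
// instance whose readObject() aborted with an exception (finalizer attack).
public final class SensitiveState implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String secret;

    public SensitiveState(String secret) {
        performSecurityManagerCheck();   // check on normal construction
        this.secret = secret;
    }

    // The check the constructor enforces; a SecurityException aborts the caller.
    private static void performSecurityManagerCheck() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new SensitiveStatePermission("access"));
        }
    }

    // Duplicate the check on the write path: serializing exposes the secret.
    private void writeObject(ObjectOutputStream out) throws IOException {
        performSecurityManagerCheck();
        out.defaultWriteObject();
    }

    // Duplicate the check on the read path: deserialization bypasses the constructor.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        performSecurityManagerCheck();
        in.defaultReadObject();
    }

    public String getSecret() {
        performSecurityManagerCheck();
        return secret;
    }
}
```

Without the checks in writeObject() and readObject(), code lacking SensitiveStatePermission could still obtain the secret by serializing an instance, or create one by deserializing a crafted stream, since neither path runs the constructor.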
...
...