SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Title: SER04-J. Do not allow serialization and deserialization to bypass the security manager  
Author: Dhruv Mohindra Jul 09, 2008
Last Changed by: Michal Rozenau May 18, 2021
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/0zdGBQ
Export As: Word · PDF  
Incoming Links
SEI CERT Oracle Coding Standard for Java (3)
    Page: SER05-J. Do not serialize instances of inner classes
    Page: SER03-J. Do not serialize unencrypted sensitive data
    Page: OBJ58-J. Limit the extensibility of classes and methods with invariants
Hierarchy
Parent Page
    Page: Rule 14. Serialization (SER)
Labels
Global Labels (8)
Recent Changes
Time Editor  
May 18, 2021 08:48 Michal Rozenau View Changes
Parasoft Jtest 2021.1
Feb 26, 2021 09:46 Michal Rozenau View Changes
Parasoft Jtest 2020.2
Feb 12, 2018 22:02 Will Snavely View Changes
Jan 05, 2017 14:54 Will Snavely View Changes
Nov 03, 2015 18:59 Arthur Hicken  
added parasoft
Outgoing Links
External Links (1)
    www.oracle.com/technetwork/java/seccodeguide-139067.html
SEI CERT Oracle Coding Standard for Java (10)     Page: Rule BB. Glossary
    Page: Rule 14. Serialization (SER)
    Home page: SEI CERT Oracle Coding Standard for Java
    Page: TSM01-J. Do not let the this reference escape during object construction
    Page: Rule AA. References
    Page: SER05-J. Do not serialize instances of inner classes
    Page: Parasoft
    Page: SEC04-J. Protect sensitive operations with security manager checks
    Page: Parasoft_V
    Page: SER03-J. Do not serialize unencrypted sensitive data