File: BanSerializableRead.md

error-prone-java 2.18.0-1
The Java `Serializable` API is very powerful, and very dangerous. Deserializing
bytes that do not come from a fully trusted source will very likely result in a
critical remote code execution bug that hands an attacker control of the
application: the stream, not your code, decides which classes get instantiated,
and `readObject()` runs their deserialization logic before you ever see the
result. (See [Effective Java 3rd Edition §85][ej3e-85].)

[ej3e-85]: https://www.google.co.uk/books/edition/Effective_Java/ka2VUBqHiWkC

Consider using a less powerful, data-only serialization format such as JSON or
XML, decoded by a parser that never instantiates classes named in the input
(`java.beans.XMLDecoder`, for example, is as dangerous as `ObjectInputStream`).
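The three situations above side by side, as an added example that is not part of the Error Prone project or this page: the `readObject()` call the check flags, a JDK 9+ `ObjectInputFilter` allowlist as damage control where the call cannot be removed yet, and a data-only encoding of the same record. The `Message` and `Unexpected` classes, the `SerializableReadDemo` name and the `DataOutputStream` encoding (a stand-in for JSON/XML so that no third-party library is needed) are all assumptions made for the example; the hostile input is constructed inline.

```java
import java.io.*;

public class SerializableReadDemo {

    // The only type we intend to receive (example type, not from the page).
    static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String from;
        final int priority;
        Message(String from, int priority) { this.from = from; this.priority = priority; }
        @Override public String toString() { return from + "/" + priority; }
    }

    // Any other Serializable type stands in for an attacker-chosen class in the stream.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] javaSerialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // 1. The pattern BanSerializableRead flags: readObject() on bytes we did not produce.
    //    The stream chooses the classes; the cast only fails after they were constructed.
    static Message unsafeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return (Message) ois.readObject();
        }
    }

    // 2. Damage control when readObject() cannot be removed yet (JDK 9+): an allowlist
    //    filter rejects every class except Message (String listed in case it is checked)
    //    and caps depth and size. Gadget chains built from allowed classes still get through,
    //    so the allowlist has to stay this narrow.
    static Message filteredRead(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxrefs=16;maxbytes=4096;"
              + Message.class.getName() + ";java.lang.String;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            ois.setObjectInputFilter(filter);
            return (Message) ois.readObject();   // rejected classes throw InvalidClassException
        }
    }

    // 3. What the page recommends: a data-only encoding. The bytes carry field values and
    //    no class names, so the decoder can only ever build a Message and must validate it.
    static byte[] encode(Message m) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(bos)) {
            out.writeUTF(m.from);
            out.writeInt(m.priority);
        }
        return bos.toByteArray();
    }

    static Message decode(byte[] untrusted) throws IOException {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(untrusted))) {
            String from = in.readUTF();
            if (from.isEmpty() || from.length() > 256) throw new IOException("bad 'from' length");
            int priority = in.readInt();
            if (priority < 0 || priority > 9) throw new IOException("bad priority");
            return new Message(from, priority);
        }
    }

    public static void main(String[] args) throws Exception {
        Message m = new Message("alice", 3);
        byte[] good = javaSerialize(m);
        byte[] hostile = javaSerialize(new Unexpected());  // constructed stand-in for attacker input

        System.out.println("unsafeRead(good)      = " + unsafeRead(good));
        try {
            unsafeRead(hostile);
        } catch (ClassCastException e) {
            System.out.println("unsafeRead(hostile)   : Unexpected was instantiated, then " + e.getClass().getSimpleName());
        }

        System.out.println("filteredRead(good)    = " + filteredRead(good));
        try {
            filteredRead(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filteredRead(hostile) : rejected -> " + e.getMessage());
        }

        System.out.println("decode(encode(m))     = " + decode(encode(m)));
        try {
            decode(hostile);   // just bytes to this parser: a length/EOF error, nothing instantiated
        } catch (IOException e) {
            System.out.println("decode(hostile)       : parse error, nothing instantiated");
        }
    }
}
```

Compile and run with `javac SerializableReadDemo.java && java SerializableReadDemo` on JDK 9 or later. The filter path is a mitigation, not a fix: the check still wants the `readObject()` call gone, and the `decode` path shows why the replacement is structurally safer, since no class name in the input can influence what it constructs.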