Java Language Security

• Object serialization can be a problem

  • Objects are externalized as series of bytes
  • Data may be tampered with before the object is reconstructed

• Some solutions:

  • objects must be declared “serializable”
  • “private transient” disallows serialization
  • writeObject() and readObject() methods let you implement your own encryption