“A fundamental problem with serialization is that its attack surface is too big to protect, and constantly growing: Object graphs are deserialized by invoking the readObject method on an ObjectInputStream. This method is essentially a magic constructor that can be made to instantiate objects of almost any type on the class path, so long as the type implements the Serializable interface. In the process of deserializing a byte stream, this method can execute code from any of these types, so the code for all of these types is part of the attack surface.”
― Effective Java : Programming Language Guide
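The point of the passage is that the type you cast to after `readObject` returns has no bearing on which types get instantiated, because the byte stream, not the caller, names the classes, and each named class's deserialization hooks run before the cast is ever evaluated. The following is an added illustration written for this page; it is not code from the book. `Greeting`, `Unexpected` and `DeserializationSurfaceDemo` are hypothetical names, and the hook in `Unexpected` only sets a flag where a real gadget chain would do harm. The hardened variant uses `ObjectInputFilter` (JDK 9+, JEP 290) to reject every class the stream names except the expected one and the JDK's own base types, so that unexpected classes are refused at the class-descriptor stage, before any object of that type exists.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationSurfaceDemo {

    /** The type the application expects to receive (hypothetical). */
    static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    /**
     * Some other Serializable type that merely exists on the class path.
     * The application never asks for it, but ObjectInputStream.readObject
     * will instantiate it and run this hook if the stream names it.
     * Here the hook only records that it ran.
     */
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean hookRan = false;

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            hookRan = true;   // code from a type the caller never named
        }
    }

    /** Helper to build a byte stream; stands in for attacker-supplied input. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Unfiltered: whatever Serializable type the stream names is instantiated. */
    static Object readUnfiltered(byte[] bytes)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    /**
     * Filtered (JDK 9+): allow Greeting and classes from the java.base module,
     * reject everything else ("!*") before any instance is created.
     */
    static Object readFiltered(byte[] bytes)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                Greeting.class.getName() + ";java.base/*;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a stream naming a class the receiver never expected.
        byte[] hostile = serialize(new Unexpected());

        // The cast to Greeting happens only after readObject has already
        // instantiated Unexpected and run its readObject hook.
        try {
            Greeting g = (Greeting) readUnfiltered(hostile);
        } catch (ClassCastException e) {
            System.out.println("unfiltered: cast failed, but hook ran = " + Unexpected.hookRan);
        }

        Unexpected.hookRan = false;
        try {
            readFiltered(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filtered: rejected by filter, hook ran = " + Unexpected.hookRan);
        }
    }
}
```

The unfiltered path prints `hook ran = true` even though the cast fails, which is the attack surface the quote describes; the filtered path rejects the class descriptor with `InvalidClassException` and the hook never runs. An allow-list filter like this is a mitigation for code that must deserialize untrusted bytes; the stronger advice in the same book is to avoid Java serialization for untrusted input altogether.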