34 - Java Serialization - Protecting sensitive information - Code Demo 1

@backstreetbrogrammer

Chapter 15 - Serialization - Protecting sensitive information - Code Demo 1

When developing a class that provides controlled access to resources, care must be taken to protect sensitive information and functions. During deserialization, the private state of the object is restored. To avoid compromising a class, the sensitive state of an object must not be restored from the stream, or it must be re-verified by the class. The easiest technique is to mark fields that contain sensitive data as private transient. Transient fields are not persistent and will not be saved by any persistence mechanism. Marking the field will prevent the state from appearing in the stream and from being restored during deserialization. Since writing and reading (of private fields) cannot be superseded outside the cl
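The following is an added example illustrating the two options described above (a private transient field plus a readObject that re-establishes known state); it is not the demo code from the chapter. UserSession, the field names and the sample token are constructed for this illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class TransientDemo {

    // Hypothetical class for the demo: the session token must never reach the stream.
    static final class UserSession implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String username;          // non-sensitive, serialized normally
        private transient String sessionToken;  // sensitive, excluded from the stream

        UserSession(String username, String sessionToken) {
            this.username = username;
            this.sessionToken = sessionToken;
        }

        String getSessionToken() { return sessionToken; }

        // A transient field comes back as null; set a known safe state here rather than
        // trusting anything in the stream (the "re-verified by the class" option).
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            this.sessionToken = null; // caller must re-authenticate to get a new token
        }
    }

    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        String token = "tok-CONSTRUCTED-SAMPLE-123"; // constructed sample secret
        byte[] bytes = serialize(new UserSession("alice", token));

        // Serialized strings are modified UTF-8, so a substring search over the raw bytes
        // (mapped 1:1 to chars via ISO-8859-1) shows what actually landed in the stream.
        String stream = new String(bytes, StandardCharsets.ISO_8859_1);
        System.out.println("username in stream: " + stream.contains("alice"));
        System.out.println("token in stream:    " + stream.contains(token));

        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            UserSession restored = (UserSession) ois.readObject();
            System.out.println("restored token:     " + restored.getSessionToken());
        }
    }
}
```

Running it shows the username present in the stream bytes, the token absent, and the restored object holding no token, which is the behaviour the transient marking is meant to guarantee.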