CONSIDER USING A CUSTOM SERIALIZED FORM
It is suggested to always use a custom serialization and
deserialization process.
This lets us control the overall process of serialization
and deserialization. The default serialization and deserialization process can
break data invariants and open security holes.
For example, if you serialize an instance of a class that has
non-transient fields, and at deserialization time you want to perform
certain validation before the object is constructed, the default deserialization
mechanism does not give you that opportunity.
So, to get better control and make your serialization and
deserialization process more extensible, flexible and meaningful, it is always
good to customize the process by implementing the readObject() and writeObject()
methods.
If your custom serialized form would be identical to the default serialized form, you may decide to use the default serialized form.
Even in this case you should implement the
writeObject() and readObject() methods and call defaultWriteObject() and
defaultReadObject() respectively from within them, so that you keep a hook for validation.
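An added example (not code from the original post) of the second case: the class keeps the default field layout via defaultWriteObject()/defaultReadObject(), but readObject() re-checks the invariant the constructor enforces, because a serialized byte stream is an untrusted input that bypasses the constructor. The class name DateRange and its fields are assumed for the illustration.

```java
import java.io.*;

// Assumed example class: a range whose invariant is start <= end.
public final class DateRange implements Serializable {
    private static final long serialVersionUID = 1L;

    private long start; // epoch millis
    private long end;   // epoch millis, must be >= start

    public DateRange(long start, long end) {
        this.start = start;
        this.end = end;
        checkInvariant();
    }

    // The constructor is NOT run during deserialization, so the same
    // check must be repeated in readObject().
    private void checkInvariant() {
        if (start > end) {
            throw new IllegalArgumentException("start must be <= end");
        }
    }

    // Default on-wire form, but written through our own hook.
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
    }

    // Read the default form, then validate before the object escapes.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        try {
            checkInvariant();
        } catch (IllegalArgumentException e) {
            // Reject the stream instead of returning a corrupt object.
            throw new InvalidObjectException(e.getMessage());
        }
    }

    public long getStart() { return start; }
    public long getEnd() { return end; }

    // Round-trip a valid instance to show the hooks in action.
    public static void main(String[] args) throws Exception {
        DateRange original = new DateRange(1_000L, 2_000L);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(original);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()))) {
            DateRange copy = (DateRange) in.readObject();
            System.out.println(copy.getStart() + " .. " + copy.getEnd());
        }
    }
}
```

A stream whose fields violate the invariant is rejected with InvalidObjectException rather than yielding an object the constructor would never have produced.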
---please comment or ask questions to discuss it further