...
This rule is meant to prevent the unintentional serialization of sensitive information. The intentional serialization of sensitive information is covered by SER02-J. Sign then seal sensitive objects before sending them outside a trust boundary.
...
It is still possible for an attacker to obtain improperly initialized instances of SensitiveClass, either by catching the NotSerializableException thrown during deserialization or by using a finalizer attack (see OBJ11-J. Be wary of letting constructors throw exceptions for more information). Consequently, an unserializable class that extends a serializable class must always validate its invariants before executing any method. That is, any object of such a class must check its fields, its actual runtime class (to reject a malicious subclass), and any other invariants it maintains (for example, that it is not a second instance of a singleton class).
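The following is an added example, not the rule's own compliant solution. It uses a hypothetical serializable superclass, SerializableBase, and a hypothetical sensitive singleton, SensitiveSingleton, that inherits serializability but must never be serialized. The class refuses to be written or read (including through readObjectNoData, which the runtime calls when a stream carries no data for the class), is declared final so that no subclass can override finalize() for a finalizer attack, and validates its invariants at the start of every public method. The main method demonstrates the refused serialization and, with an in-class second instance standing in for an object that reached an attacker without going through getInstance(), the invariant check rejecting it. The secret value is constructed sample data.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;

// Hypothetical serializable superclass; subclasses inherit its serializability.
class SerializableBase implements Serializable {
    private static final long serialVersionUID = 1L;
    protected String label = "base";
}

// Hypothetical sensitive singleton. 'final' blocks malicious subclasses,
// including a subclass that overrides finalize() to capture a half-built instance.
final class SensitiveSingleton extends SerializableBase {
    private static final long serialVersionUID = 1L;
    private static final SensitiveSingleton INSTANCE = new SensitiveSingleton();

    // Remains null in any instance that did not run the constructor.
    private final char[] secret;

    private SensitiveSingleton() {
        secret = "hunter2".toCharArray(); // constructed sample secret
    }

    public static SensitiveSingleton getInstance() {
        return INSTANCE;
    }

    // Refuse to write this object to a stream.
    private void writeObject(ObjectOutputStream out) throws IOException {
        throw new NotSerializableException(getClass().getName());
    }

    // Refuse to read this object from a stream ...
    private void readObject(ObjectInputStream in) throws IOException {
        throw new NotSerializableException(getClass().getName());
    }

    // ... including a stream whose class descriptor carries no data for this class.
    private void readObjectNoData() throws ObjectStreamException {
        throw new NotSerializableException(getClass().getName());
    }

    // Called before any method does real work: an attacker may hold an instance
    // obtained by catching NotSerializableException rather than via getInstance().
    private void checkInvariants() {
        // Redundant for a final class, but cheap insurance against a malicious subclass.
        if (getClass() != SensitiveSingleton.class) {
            throw new IllegalStateException("unexpected runtime class " + getClass());
        }
        if (this != INSTANCE) {
            throw new IllegalStateException("not the singleton instance");
        }
        if (secret == null || label == null) {
            throw new IllegalStateException("object was not fully constructed");
        }
    }

    public int secretLength() {
        checkInvariants();
        return secret.length;
    }

    public static void main(String[] args) throws Exception {
        // Normal use passes the checks.
        System.out.println("secret length: " + getInstance().secretLength());

        // Serialization is refused by writeObject.
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(getInstance());
            System.out.println("BUG: object was serialized");
        } catch (NotSerializableException e) {
            System.out.println("serialization refused: " + e.getMessage());
        }

        // Stand-in for an instance that bypassed getInstance(): even with all
        // fields set, it is rejected because it is a second instance.
        SensitiveSingleton rogue = new SensitiveSingleton();
        try {
            rogue.secretLength();
            System.out.println("BUG: rogue instance accepted");
        } catch (IllegalStateException e) {
            System.out.println("rogue instance rejected: " + e.getMessage());
        }
    }
}
```

Save the file as SensitiveSingleton.java, compile with javac, and run the class directly; the two BUG lines should never appear. Note that writeObject alone does not protect the class: an attacker who can supply a stream never needs the legitimate writer, so the read-side methods are the ones that matter for the attack described above, and the per-method invariant check is what limits the damage if an instance leaks anyway.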
Exceptions
SER03-J-EX0: Sensitive data that has been properly encrypted may be serialized.
...
| | Puzzle 83, "Dyslexic Monotheism" |
| | Item 1, "Enforce the Singleton Property with a Private Constructor" |
| | Section 2.4, "Serialization" |
| [Sun 2006] | Serialization Specification, A.4, "Preventing Serialization of Sensitive Data" |
...