Page History

"An inner class is a nested class that is not explicitly or implicitly declared static" [JLS 2005]. Serialization of inner classes (including local and anonymous classes) is error prone. According to the Serialization Specification [Sun 2006]:

Serializing an inner class declared in a non-static context that contains implicit non-transient references to enclosing class instances results in serialization of its associated outer class instance.

...

MITRE CWE

CWE-499, "Serializable Class Containing Sensitive Data"

Bibliography

[API 2006]	Interface Externalizable
	Interface Serializable
[Bloch 2008]	Item 74: "Implement serialization judiciously"
[JLS 2005]	Section 8.1.3, Inner Classes and Enclosing Instances
[Sun 2006]	"Serialization specification", Section 1.10 The Serializable Interface

...

Rule 14: Serialization (SER)Image Added

Space shortcuts

Page tree

Versions Compared

Old Version 67

New Version 68

Key

Bibliography