Why Java needs Serializable interface?

by

Serialization is fraught with pitfalls. Automatic serialization support of this form makes the class internals part of the public API (which is why javadoc gives you the persisted forms of classes).

For long-term persistence, the class must be able to decode this form, which restricts the changes you can make to class design. This breaks encapsulation.

Serialization can also lead to security problems. By being able to serialize any object it has a reference to, a class can access data it would not normally be able to (by parsing the resultant byte data).

There are other issues, such as the serialized form of inner classes not being well defined.

Making all classes serializable would exacerbate these problems. Check out Effective Java Second Edition, in particular Item 74: Implement Serializable judiciously.

More Related Contents:

  1. What is object serialization?
  2. Appending to an ObjectOutputStream
  3. How to serialize a lambda?
  4. What is the difference between Serializable and Externalizable in Java?
  5. How do I use a custom Serializer with Jackson?
  6. converting Java bitmap to byte array
  7. What is Serialization?
  8. Which is the best alternative for Java Serialization?
  9. Jackson: How to add custom property to the JSON without modifying the POJO
  10. Jackson ObjectMapper – specify serialization order of object properties
  11. Java serialization – java.io.InvalidClassException local class incompatible [duplicate]
  12. Jackson – How to process (deserialize) nested JSON?
  13. How to write and read java serialized objects into a file
  14. How to serialize an object that includes BufferedImages
  15. JSF backing bean should be serializable?
  16. How to serialize a non-serializable in Java?
  17. Jersey + Jackson JSON date format serialization – how to change the format or use custom JacksonJsonProvider
  18. Jackson is not deserialising a generic list that it has serialised
  19. How do I implement TypeAdapterFactory in Gson?
  20. gwt – Using List in a RPC call?
  21. how to properly implement Parcelable with an ArrayList?
  22. How to keep fields sequence in Gson serialization
  23. Jackson JSON serialization, recursion avoidance by level defining
  24. How do you convert binary data to Strings and back in Java?
  25. Json deserialization into other class hierarchy using Jackson
  26. Java ByteBuffer to String
  27. When do I have to change the serialVersionUID?
  28. How to serialize Optional classes with Gson?
  29. Java serialization, UID not changed. Can I add new variables and method to the class?
  30. Java serialization, ObjectInputStream.readObject(), check if will block

Leave a Comment