Do not Allow Critical Data to be Serialized


In nearly all applications, there is critical data that we would not want anyone to see. Java has an easy way of keeping such data out of a serialized object: mark the variable that you do not want to be serialized with the transient keyword. The rest is taken care of by the JVM.

The variable studentName will not be serialized due to the presence of the transient keyword in its declaration.

import java.io.*;

public class DoNotSerialze {
    public static void main(String args[]) {
        DoNotSerialze doNotSerialze = new DoNotSerialze();
        doNotSerialze.serialize();
    }

    // Writes a Student object to student.ser using default Java serialization.
    private void serialize() {
        Student student = new Student();
        student.setRollNum(1);
        student.setStudentName("Hoffen");

        try {
            FileOutputStream fileOutputStream = new FileOutputStream("student.ser");
            ObjectOutputStream out = new ObjectOutputStream(fileOutputStream);
            out.writeObject(student);
            out.close();
            fileOutputStream.close();
            System.out.println("Details serialized in student.ser");
        } catch (FileNotFoundException fnfe) {
            System.out.println("File not found.");
        } catch (IOException ioe) {
            System.out.println("IO Exception.");
        }
    }
}

class Student implements Serializable {
    private int rollNum;
    // transient: this field is skipped when the object is serialized
    private transient String studentName;

    public void setRollNum(int rollNum) {
        this.rollNum = rollNum;
    }

    public void setStudentName(String studentName) {
        this.studentName = studentName;
    }
}

