FlexDoc/Javadoc 2.0 Demo Java Doc |
The target name is the name of the Serializable permission (see below).
The following table lists the standard SerializablePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
---|---|---|
enableSubclassImplementation | Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects | Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out. |
enableSubstitution | Substitution of one object for another during serialization or deserialization | This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data. |
serialFilter | Setting a filter for ObjectInputStreams. | Code could remove a configured filter and remove protections already established. |
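The following is an added example, not part of the original Javadoc page. It shows the protection that the `serialFilter` target guards: a per-stream allow-list filter that rejects any class not explicitly permitted. The class name `SerialFilterDemo`, its helper methods and the sample objects are constructed for illustration. On JDK releases that still support a security manager, `setObjectInputFilter` checks `SerializablePermission("serialFilter")` before installing the filter.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;

public class SerialFilterDemo {

    // Serialize an object to bytes; stands in for input from an untrusted source.
    static byte[] toBytes(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserialize with a filter installed before the first readObject call.
    static Object readFiltered(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // With a security manager present, this call requires
            // SerializablePermission("serialFilter").
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Allow Integer and its superclass Number, cap graph depth, reject everything else.
        ObjectInputFilter allowList = ObjectInputFilter.Config.createFilter(
                "java.lang.Integer;java.lang.Number;maxdepth=5;!*");

        // Constructed sample 1: an allowed class passes the filter.
        System.out.println("accepted: " + readFiltered(toBytes(42), allowList));

        // Constructed sample 2: ArrayList is not on the allow-list and is rejected.
        try {
            readFiltered(toBytes(new ArrayList<>(List.of("x"))), allowList);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Code that holds the `serialFilter` permission can install a different filter on its own streams, which is why the table treats granting it as a risk.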
Constructor Summary |
||
SerializablePermission(String name)
Creates a new SerializablePermission with the specified name.
|
||
Creates a new SerializablePermission object with the specified name.
|
Method Summary |
Methods inherited from class java.security.BasicPermission |
Methods inherited from class java.security.Permission |
Methods inherited from class java.lang.Object |
public SerializablePermission(String name) |
public SerializablePermission |