The earliest technology to protect sensitive information is to declare the members that contain sensitive data as private and temporary ). variables modified with transietn are neither serialized nor serialized.
Save. such a statement does not cause sensitive data to appear in the stream or be restored through the serialization mechanism. moreover, read/write to Private Members cannot spread out of the class, so this method can protect the security of sensitive data.
Especially important classes should not be serialized at all. To ensure this, such classes cannot implement the serializable interface or the externalizable interface.
Usage of transient keywords
For some types of objects, their statuses are instantaneous. Such objects cannot save their statuses, such as a thread object or a fileinputstream object. For these fields, we must use
Transient keyword declaration, otherwise the compiler reports an error.
In addition, serialization may involve storing objects on disks or transmitting objects over the network,
At this time, security issues will occur, because the data is located outside the Java Runtime Environment,
It is not under control of the Java security mechanism.
It should be stored in permanent media, or simply not stored without processing. To ensure security, the transient keyword should be added before these fields.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
