- Which easy to use alternatives are shipped with JDK? It is not just easy to use, it requires no dependencies. – Basilevs, 2025-04-18 11:02:44 +00:00
- I don't think this answer goes deep enough to show that a problem exists. A naive user would not expect what you described to be a problem unless they wrote some class with an obviously dangerous `readObject` method. An attacker can write a class with an evil `readObject` method, yes, but they can't make your program load that class, so it's safe. Unless you can trick a "safe" `readObject` method from the standard library into doing something bad - and the fact that is possible is the surprising part. – Stack Exchange Broke The Law, 2025-04-18 15:19:02 +00:00 (score: 1)
- I do write "any serializable class available to your program" - so it's not just the standard library, but any library that you use. – meriton, 2025-04-19 06:44:44 +00:00 (score: 1)
- @meriton Other libraries are the same way as the standard library - someone who doesn't know this is possible won't expect it to be possible, since they don't import evil libraries into their program. The fact that it's possible without an evil library is surprising. – Stack Exchange Broke The Law, 2025-04-19 12:59:15 +00:00 (score: 1)
- The main justification for the risk is probably to load legacy data. Losing data is rarely acceptable, so you can just mitigate the problem as well as you can, and try to migrate the data to a newer format as soon as possible. – JonasH, 2025-04-23 14:06:45 +00:00 (score: 1)
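
The point discussed in the comments above, that deserialization runs the `readObject` method of whatever serializable class the stream names before the caller's cast can object, shown next to the JDK's `ObjectInputFilter` allowlist (Java 9+) as one mitigation. This is an added example, not code from the answer or from any commenter; `FilterDemo`, `SideEffect` and `Settings` are constructed names, and `SideEffect` stands in for a library class whose `readObject` does more than restore fields.

```java
import java.io.*;

public class FilterDemo {
    // Constructed stand-in for a class on the classpath with a side-effecting readObject.
    static class SideEffect implements Serializable {
        static boolean ran = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            ran = true; // here it only sets a flag
        }
    }

    // The only type this program means to read.
    static class Settings implements Serializable {
        String theme = "dark";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Settings read(byte[] data, ObjectInputFilter filter) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            if (filter != null) ois.setObjectInputFilter(filter);
            return (Settings) ois.readObject(); // the cast is checked after readObject hooks ran
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] unexpected = serialize(new SideEffect()); // constructed input

        // No filter: the cast fails, but SideEffect.readObject has already executed.
        try { read(unexpected, null); } catch (ClassCastException e) { /* too late */ }
        System.out.println("no filter:   readObject ran = " + SideEffect.ran);

        // Allowlist: permit Settings and String, reject every other class ("!*").
        SideEffect.ran = false;
        ObjectInputFilter allow = ObjectInputFilter.Config.createFilter(
                Settings.class.getName() + ";java.lang.String;!*");
        try { read(unexpected, allow); } catch (InvalidClassException e) { /* rejected */ }
        System.out.println("with filter: readObject ran = " + SideEffect.ran);
        System.out.println("expected type still loads: " + read(serialize(new Settings()), allow).theme);
    }
}
```

The filter is consulted when the class descriptor is read from the stream, so the rejected class is never instantiated and its `readObject` never runs.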