Reputation: 1385
As a young developer I am facing a new type of issue I've never faced before. According to this article, Java plans to remove serialization and de-serialization due to security problems.
I am currently working on a project that uses serialization and de-serialization a lot. The exact date when it will be dropped by Java has not been announced yet (to my knowledge at least). It's not a big project, but not using serialization anymore would change the entire architecture.
So my question is: should I anticipate it, or should I wait for further details before changing the way my project works?
Thanks in advance.
Upvotes: 0
Views: 118
Reputation: 73548
I'd avoid Java's serialization mechanism even if there weren't such a threat.
It's an old invention, riddled with problems, not just security ones. It's Java specific, so not very good for integration with other platforms. The only good thing is that it's built-in.
There are plenty of libraries that provide binary and other serialization support (and more), and which aren't tied to the Java development cycle. They don't have the ghost of backwards compatibility haunting them either (at least not as strongly as Java's serialization does).
Upvotes: 7
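The security problem the answer alludes to is that `ObjectInputStream.readObject()` instantiates whatever classes the incoming bytes name, so whoever produces the stream picks which code runs during deserialization. The example below is added here and is not code from the question or the answer; `Order` and `Unexpected` are constructed stand-in classes, and the allow-list filter uses the JDK's own `ObjectInputFilter` (JEP 290, JDK 9 and 8u121+). It shows the unfiltered read accepting a class the application never expected, and the filtered read rejecting it before any of its fields are read.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Set;

public class SerializationFilterDemo {

    // Constructed stand-in for one of the project's own Serializable types.
    static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        final int[] lineQuantities;
        Order(String id, int[] lineQuantities) {
            this.id = id;
            this.lineQuantities = lineQuantities;
        }
    }

    // Constructed stand-in for any class the application never intends to read back.
    // In a real attack this slot is taken by a class already on the classpath whose
    // deserialization side effects the attacker wants; the filter does not care which.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        final String note = "should never be deserialized here";
    }

    // The only classes this endpoint is willing to reconstruct. Primitive
    // component types and arrays of allowed types are handled in the filter.
    static final Set<Class<?>> ALLOWED = Set.of(Order.class, String.class);

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unfiltered read: the stream decides which classes get instantiated.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Allow-list filter. The JDK calls it once per class in the stream and also with
    // a null class for resource checks (depth, reference count, bytes consumed).
    static final ObjectInputFilter ALLOW_LIST = info -> {
        if (info.depth() > 8 || info.references() > 1_000 || info.streamBytes() > 64 * 1024) {
            return ObjectInputFilter.Status.REJECTED;   // cheap defence against deep/huge graphs
        }
        Class<?> c = info.serialClass();
        if (c == null) {
            return ObjectInputFilter.Status.UNDECIDED;  // resource check only, limits passed
        }
        while (c.isArray()) {                           // int[], String[], ...: judge the element type
            if (info.arrayLength() > 10_000) {
                return ObjectInputFilter.Status.REJECTED;
            }
            c = c.getComponentType();
        }
        if (c.isPrimitive() || ALLOWED.contains(c)) {
            return ObjectInputFilter.Status.ALLOWED;
        }
        return ObjectInputFilter.Status.REJECTED;       // everything else fails before its fields are read
    };

    // Filtered read: same stream format, but only allow-listed classes are ever instantiated.
    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(ALLOW_LIST);       // must be set before the first readObject()
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new Order("A-17", new int[] {2, 5}));
        byte[] bad = serialize(new Unexpected());

        Order o = (Order) readFiltered(good);
        System.out.println("filtered read of expected class OK: " + o.id);

        System.out.println("unfiltered read happily produced: " + readUnfiltered(bad).getClass());

        try {
            readFiltered(bad);
            System.out.println("BUG: filter did not reject");
        } catch (InvalidClassException e) {
            // The JDK message ends with "filter status: REJECTED"
            System.out.println("filtered read rejected: " + e.getMessage());
        }
    }
}
```

The filter is a mitigation for code you cannot migrate immediately, not a reason to keep the mechanism: it only limits which classes the stream may name, and the class list has to be kept exact as the project evolves. It can also be applied process-wide with `ObjectInputFilter.Config.setSerialFilter` or the `jdk.serialFilter` system property when you cannot touch every `ObjectInputStream` construction site.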