enableSubclassImplementation |
Subclass implementation of ObjectOutputStream or ObjectInputStream
to override the default serialization or deserialization, respectively,
of objects |
Code can use this to serialize or
deserialize classes in a purposefully malfeasant manner. For example,
during serialization, malicious code can use this to
purposefully store confidential private field data in a way easily accessible
to attackers. Or, during deserializaiton it could, for example, deserialize
a class with all its private fields zeroed out. |