|
Java Platform 1.2 Beta 4 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.Permission | +--java.security.BasicPermission | +--java.io.SerializablePermission
The target name is the name of the Serializable permission (see below).
The following table lists all the possible SerializablePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
---|---|---|
enableSubclassImplementation | Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects | Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserializaiton it could, for example, deserialize a class with all its private fields zeroed out. |
enableSubstitution | Substitution of one object for another during serialization or deserialization | This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data. |
BasicPermission
,
Permission
,
Permissions
,
PermissionCollection
,
SecurityManager
, Serialized FormConstructor Summary | |
SerializablePermission(String name,
String actions)
Creates a new SerializablePermission object with the specified name. |
|
SerializablePermission(String name)
Creates a new SerializablePermission with the specified name. |
Methods inherited from class java.security.BasicPermission | |
equals , getActions , hashCode , implies , newPermissionCollection |
Methods inherited from class java.security.Permission | |
checkGuard , getName , toString |
Methods inherited from class java.lang.Object | |
clone , finalize , getClass , notify , notifyAll , wait , wait , wait |
Constructor Detail |
public SerializablePermission(String name)
name
- the name of the SerializablePermission.public SerializablePermission(String name, String actions)
Policy
object
to instantiate new Permission objects.
name
- the name of the SerializablePermission.
|
Java Platform 1.2 Beta 4 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |