Java deserialization flaws: Part 2, XML deserialization

(djorm) All classes which implement the interface can be serialized and deserialized, with Java handling the plumbing automatically. In the first part of this two-part series, we looked at some of the unexpected security consequences which can arise from the use of binary deserialization in Java applications.
