|
Préférences
Moteurs de recherche
|
|||||||||||||||||||
JavaTM 2 Platform Std. Ed. v1.4.2
java.io
|
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
---|---|---|
enableSubclassImplementation | Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects | Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserializaiton it could, for example, deserialize a class with all its private fields zeroed out. |
enableSubstitution | Substitution of one object for another during serialization or deserialization | This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data. |
BasicPermission
,
Permission
,
Permissions
,
PermissionCollection
,
SecurityManager
,
Serialized FormConstructor Summary | |
SerializablePermission(String name)
Creates a new SerializablePermission with the specified name. |
|
SerializablePermission(String name,
String actions)
Creates a new SerializablePermission object with the specified name. |
Methods inherited from class java.security.BasicPermission |
equals, getActions, hashCode, implies, newPermissionCollection |
Methods inherited from class java.security.Permission |
checkGuard, getName, toString |
Methods inherited from class java.lang.Object |
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
public SerializablePermission(String name)
name
- the name of the SerializablePermission.public SerializablePermission(String name, String actions)
name
- the name of the SerializablePermission.actions
- currently unused and must be set to null