|
Préférences
Moteurs de recherche
|
|||||||||||||||||||||
JavaTM 2 Platform Std. Ed. v1.5.0
java.io
|
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
---|---|---|
enableSubclassImplementation | Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects | Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out. |
enableSubstitution | Substitution of one object for another during serialization or deserialization | This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data. |
BasicPermission
,
Permission
,
Permissions
,
PermissionCollection
,
SecurityManager
,
Serialized FormConstructor Summary | |
---|---|
SerializablePermission(String name)
Creates a new SerializablePermission with the specified name. |
|
SerializablePermission(String name,
String actions)
Creates a new SerializablePermission object with the specified name. |
Method Summary |
---|
Methods inherited from class java.security.BasicPermission |
---|
equals, getActions, hashCode, implies, newPermissionCollection |
Methods inherited from class java.security.Permission |
---|
checkGuard, getName, toString |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public SerializablePermission(String name)
name
- the name of the SerializablePermission.public SerializablePermission(String name, String actions)
name
- the name of the SerializablePermission.actions
- currently unused and must be set to null