36 |
36 |
37 import jdk.internal.misc.SharedSecrets; |
37 import jdk.internal.misc.SharedSecrets; |
38 |
38 |
39 /** |
39 /** |
40 * Filter classes, array lengths, and graph metrics during deserialization. |
40 * Filter classes, array lengths, and graph metrics during deserialization. |
|
41 * |
|
42 * <p><strong>Warning: Deserialization of untrusted data is inherently dangerous |
|
43 * and should be avoided. Untrusted data should be carefully validated according to the |
|
44 * "Serialization and Deserialization" section of the |
|
45 * {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}. |
|
46 * {@extLink serialization_filter_guide Serialization Filtering} describes best |
|
47 * practices for defensive use of serial filters. |
|
48 * </strong></p> |
|
49 * |
41 * If set on an {@link ObjectInputStream}, the {@link #checkInput checkInput(FilterInfo)} |
50 * If set on an {@link ObjectInputStream}, the {@link #checkInput checkInput(FilterInfo)} |
42 * method is called to validate classes, the length of each array, |
51 * method is called to validate classes, the length of each array, |
43 * the number of objects being read from the stream, the depth of the graph, |
52 * the number of objects being read from the stream, the depth of the graph, |
44 * and the total number of bytes read from the stream. |
53 * and the total number of bytes read from the stream. |
45 * <p> |
54 * <p> |
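Review bot: After the inserted warning closes with `</strong></p>` on new line 48, the description that resumes on new line 50 ("If set on an {@link ObjectInputStream}, ...") sits outside any paragraph element and is cut off from the summary sentence on line 40 that it used to follow directly. Opening it with an explicit `<p>` would keep paragraph spacing consistent in the rendered Javadoc. Two smaller points on the warning itself: the `<strong>` wraps the whole multi-sentence block, including both `{@extLink}` tags, so consider bolding only the "Warning:" label; and the text says deserialization of untrusted data "should be avoided" and then that untrusted data "should be carefully validated", so a connective such as "Where it cannot be avoided," before the second sentence would make clear that validation is the fallback and not an equal alternative.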