Effective Java Programming Language Guide

convenience method, the automatically generated serial version UID changes. If you fail to declare an explicit serial version UID, compatibility will be broken.

A second cost of implementing Serializable is that it increases the likelihood of bugs and security holes. Normally, objects are created using constructors; serialization is an extralinguistic mechanism for creating objects. Whether you accept the default behavior or override it, deserialization is a hidden constructor with all of the same issues as other constructors. Because there is no explicit constructor, it is easy to forget that you must ensure that deserialization guarantees all of the invariants established by real constructors and that it does not allow an attacker to gain access to the internals of the object under construction. Relying on the default deserialization mechanism can easily leave objects open to invariant corruption and illegal access (Item 56).

A third cost of implementing Serializable is that it increases the testing burden associated with releasing a new version of a class. When a serializable class is revised, it is important to check that it is possible to serialize an instance in the new release and deserialize it in old releases, and vice versa. The amount of testing required is thus proportional to the product of the number of serializable classes and the number of releases, which can be large. These tests cannot be constructed automatically because, in addition to binary compatibility, you must test for semantic compatibility. In other words, you must ensure both that the serialization-deserialization process succeeds and that it results in a faithful replica of the original object. The greater the change to a serializable class, the greater the need for testing. The need is reduced if a custom serialized form is carefully designed when the class is first written (Item 55), but it does not vanish entirely. Implementing the Serializable interface is
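
The second cost above, deserialization acting as a hidden constructor, can be seen in a small added example (not code from the book). The `Range` class and its fields are hypothetical; its `readObject` repeats the constructor's check so that a stream whose bytes were altered after serialization is rejected instead of producing an object with a broken invariant.

```java
import java.io.*;
public class DeserializationInvariantDemo {
    /** Hypothetical value class (not from the book). Invariant: lo <= hi. */
    static final class Range implements Serializable {
        // Explicit UID: adding a method later does not change the stream identity.
        private static final long serialVersionUID = 1L;
        private final int lo;
        private final int hi;
        Range(int lo, int hi) {
            if (lo > hi) throw new IllegalArgumentException(lo + " > " + hi);
            this.lo = lo;
            this.hi = hi;
        }

        // The hidden constructor: must re-establish what the real constructor checks.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (lo > hi) throw new InvalidObjectException("invariant violated: " + lo + " > " + hi);
        }
        @Override public String toString() { return "[" + lo + ", " + hi + "]"; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new Range(1, 5));
        System.out.println("round trip: " + deserialize(good));

        // Constructed bad input: primitive fields are written in name order (hi, lo),
        // so the last four bytes hold lo; raising its top byte makes lo > hi.
        byte[] bad = good.clone();
        bad[bad.length - 4] = 0x7F;
        try {
            System.out.println("accepted: " + deserialize(bad));
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the `readObject` method, the default mechanism would accept the altered stream and return a `Range` that no constructor call could have produced.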