我应该预料到Java最终会导致序列化下降吗?
[英]Should I anticipate eventual drop of Serialization by Java?
问题描述
As a young developer I am facing an new type of issue I've never faced before. 
作为一个年轻的开发人员,我面临着从未遇到过的新型问题。 According to this article , Java plans to remove serialization and de-serialization due to security problems. 根据本文 , Java计划消除由于安全问题而导致的序列化和反序列化。
I am currently working on a project that uses serialization and de-serialization a lot. 我目前正在从事一个经常使用序列化和反序列化的项目。 The exact date where it will be dropped by java has not been announced yet (to my knowledge at least). java删除它的确切日期尚未公布(至少据我所知)。 It's not a big project, but not using serialization anymore would change the entire architecture. 这不是一个大项目,但是不再使用序列化将改变整个体系结构。
So my question is : should I anticipate it or should I wait for further details before changing the way my project work? 所以我的问题是:在更改项目工作方式之前,我应该预料到还是应该等待更多细节?
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
7 已采纳 2018-05-30 07:49:07
I'd avoid Java's serialization mechanism even if there weren't such a threat. 即使没有这样的威胁,我也将避免使用Java的序列化机制。
It's an old invention, riddled with not just security problems. 这是一个古老的发明,不仅存在安全问题。 It's Java specific, so not very good for integration with other platforms. 它特定于Java,因此与其他平台集成不是很好。 The only good thing is that it's built-in. 唯一的好处是它是内置的。
There are plenty of libraries that provide binary and other serialization support (and more), and which aren't tied to the Java development cycle. 有很多库提供二进制和其他序列化支持(以及更多),并且与Java开发周期无关。 They don't have the ghost of backwards compatibility haunting them either (at least as strong as Java's serialization). 它们也没有向后兼容的幽灵困扰它们(至少与Java的序列化一样强大)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.