
Why does Binary Serialization require the object to be marked as serializable?

I was using the xml serializer but when I switched to binary serialization, it throws an exception:

Runtime error: dotNet runtime exception: Type 'MyTypes.MyObject' in Assembly 'MyTypes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable.

Why is it different than an xml serializer in the way it asks this?

Just marking the object as serializable is enough to solve this? I don't want to specify how the serialization should occur.

XmlSerializer is safe to use in all cases because it only serializes publicly accessible data, that users of the class could access anyway.

Any of the runtime formatters (including BinaryFormatter) serialize both publicly and privately accessible information, so may give callers access to information that they otherwise shouldn't have. By marking your type as [Serializable] you're effectively saying that you've thought about this and are granting permission to anybody to look at the serialized information about your type.

This is a "safe by default" choice so that you don't accidentally end up serializing sensitive data like credit card details or whatever into places they shouldn't be such as logs or databases.

The fundamental difference between the BinaryFormatter and xml serializers (other than the obvious output format) is that binary serialization preserves type information (private/public properties, methods, events, etc...). That's one of the reasons this type of serialization is used with remoting. The only requirement is to decorate the type with the SerializableAttribute.
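To make the difference described in the answers above concrete, here is an added example (not code from the original posts) that serializes the same object both ways and checks which fields reach each output, and what happens to a type without the attribute. It assumes .NET Framework, where BinaryFormatter is still available; the Customer and Unmarked types and all field values are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;
using System.Xml.Serialization;

[Serializable]
public class Customer   // hypothetical type, constructed for this example
{
    public string Name = "Alice";
    // Private, but the runtime formatters still write it out.
    private string cardNumber = "4111-CONSTRUCTED-0001";
    // Opt a sensitive field out of runtime serialization explicitly.
    [NonSerialized] private string cvv = "CVV-CONSTRUCTED";
    public override string ToString() { return Name + cardNumber + cvv; }
}

public class Unmarked { public string Value = "no attribute"; }  // not [Serializable]

public static class Demo
{
    static string Binary(object o)
    {
        using (var ms = new MemoryStream())
        {
            new BinaryFormatter().Serialize(ms, o);
            // Strings are stored as readable bytes, so a text search is enough here.
            return Encoding.ASCII.GetString(ms.ToArray());
        }
    }

    static string Xml(object o)
    {
        using (var sw = new StringWriter())
        {
            new XmlSerializer(o.GetType()).Serialize(sw, o);
            return sw.ToString();
        }
    }

    public static void Main()
    {
        var c = new Customer();
        Console.WriteLine("XML contains card number:    " + Xml(c).Contains("4111-CONSTRUCTED-0001"));
        Console.WriteLine("Binary contains card number: " + Binary(c).Contains("4111-CONSTRUCTED-0001"));
        Console.WriteLine("Binary contains cvv:         " + Binary(c).Contains("CVV-CONSTRUCTED"));
        try { Binary(new Unmarked()); }
        catch (SerializationException e) { Console.WriteLine("Unmarked type: " + e.Message); }
    }
}
```

When auditing a type before adding [Serializable], treat every private field as part of the output unless it carries [NonSerialized].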
