Tuesday, April 19, 2011

Security concerns with serialization

Serialization can allow other code to see or modify object instance data that would otherwise be inaccessible. Therefore, code performing serialization requires the SecurityPermission attribute from System.Security.Permissions namespace with the SerializationFormatter flag specified. The GetDataObject method should be explicitly protected to help protect your data.

No comments:

Post a Comment