#Safe Serializable?

I wonder if there is a way make java Serializable secure
or is it secure already?

<@&987246399047479336> please have a look, thanks.

javas own serializable cant be helped

forget about it

dont use it

uae jackson/json and dont look back

isn't it json parser?

(or similar alternatives to that. the actual format doesnt matter)

it goes both ways

and it can autotransform ur java objects to json and back

what is Serializable used for?

to persist data

if its useless for some people
why do we need transient?

for example if u want to save sth in a file or send it across the network

those keywords arent just used for javas own serialization

jackson for example uses them as well

okie

(so do other similar tools)

does java xml serialize?

or jackson json

serialization means transforming sth abstract like a java object to a data format that can be persisted. for example text or some binary format

so jackson does serialization. so do many other things

transient means that a field is not serialized

which is useful if an object references its parent

yeah. its simply skipped

ud mark fields transient that u dont want to be part of the serialization process and for example rather want to construct fresh

pretty sure jackson uses @JsonIgnore

or keyword itself

transient works too

okie 👍

so i just use jackson for storing data in secure way?

note that if you want a more compact format, don’t use JSON

compat format?

like what?

binary format

o

well i want in binary format

my data, information in binary format

doing it in json is overkill

there are some solutions such as writing to a byte buffer, but you have to be more careful than just using a json writer

implementing it manually? or what

theres bson, theres protobuf

but it all sorta works the same way ultimately

the format doesn't matter much for the principle

is it still json?

no

no

it’s not even text anymore

it’s just a file of pure data

and jackson itself also supports multiple formats. such as xml or csv

even bson?

yes bson is also not json anymore

its like protobuf compiled against a schema

json has the benefit of being readable in a text editor at the expense of file size

and hence just the pure data without structural info in it

so its minimal size

json is also extremely compatible as its the industry standard

so ull have a super easy time integrating it in other langs, systems or services

if you are dealing with very large datasets then binary is better, I have a file exported in a binary format and JSON and the binary is 72 KB and the json is around 300 KB

which both is small enough unless u need to send that around a lot

or similar

it depends on the use case ultimately

but yeah, u got ur options

You can afaik by only using records

depends on what's in those records