Thursday, October 24, 2002 12:53 PM
If you simply do not declare your object to be
, then serialization will be prevented.
As you mentioned, someone can subclass your class and serialize that object. The two techniques that you provide seem like reasonable prevention mechanisms.
Why do you want to prevent serialization in the first place? If there is sensitive data that you are worried will be serialized and possibly stolen, then you could mark those sensitive fields as
transient, and therefore will not be serialized.
Since you want to prevent serialization in the first place, making the serialized copy of the object invalid (by omitting sensitive data) should not be a concern.
Hope that helps,