Why isn't every type of object serializable?


Question

Why isn't every type of object implicitly serializable?

In my limited understanding, are objects not simply stored on the heap and pointers to them on the stack?

Shouldn't you be able to traverse them programmatically, store them in a universal format and also be able to reconstruct them from there?

Recommended answer

Some objects encapsulate resources like file pointers or network sockets that can't be deserialized to the state they were in when you serialized the object that contained them.

Example: you shouldn't deserialize an object that serves as an authenticated database connection, because to do so, you'd need the serialized form to contain a plaintext password. This would not be a good practice, because someone might get a hold of the saved serialized form. You also have no idea when you deserialize that the database server is still running, can be accessed, the authentication credentials are still valid, etc.
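
The answer's two points, shown as an added Python example that is not part of the original post: a raw OS handle cannot be serialized at all, and a session object that keeps its password as a plain field writes it into the saved bytes unless the class opts out. `NaiveSession`, `DbSession` and the password value are hypothetical and constructed for illustration; the file handle on `os.devnull` stands in for a live database socket.

```python
import os
import pickle

PASSWORD = "s3cret-constructed"  # constructed sample value, not a real credential

class NaiveSession:
    """Keeps the password as an ordinary field, so pickle writes it out."""
    def __init__(self, user, password):
        self.user, self.password = user, password

class DbSession:
    """Hypothetical session; the open file stands in for a live socket."""
    def __init__(self, user, password):
        self.user = user
        self._password = password
        self._handle = open(os.devnull, "rb")  # valid only in this process

    def __getstate__(self):
        # Persist only fields that are neither secret nor tied to this process.
        return {"user": self.user}

    def __setstate__(self, state):
        # A restored copy is disconnected and must authenticate again.
        self.user = state["user"]
        self._password = None
        self._handle = None

    def close(self):
        if self._handle is not None:
            self._handle.close()
            self._handle = None

def handle_is_picklable():
    """pickle refuses raw OS handles: their state lives in the kernel."""
    with open(os.devnull, "rb") as fh:
        try:
            return bool(pickle.dumps(fh))
        except TypeError:
            return False

def blob_leaks_password(session):
    """True if the serialized bytes contain the plaintext password."""
    return PASSWORD.encode() in pickle.dumps(session)

def restore(session):
    """Round-trip a session through its serialized form."""
    return pickle.loads(pickle.dumps(session))

if __name__ == "__main__":
    print(handle_is_picklable(), blob_leaks_password(NaiveSession("app", PASSWORD)))
```

The restored `DbSession` carries only the user name, so whoever obtains the saved bytes gets no credential, and the caller has to reconnect and check that the server is still reachable.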
