Why does Binary Serialization require the object to be marked as serializable?

Question

I was using the xml serializer but when I switched to binary serialization, it throws an exception:

-- Runtime error: dotNet runtime exception: Type 'MyTypes.MyObject' in Assembly 'MyTypes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable.

Why is it different than an xml serializer in the way it asks this?

Just marking the object as serializable is enough to solve this? I don't want to specify how the serialization should occur.

Recommended answer

XmlSerializer is safe to use in all cases because it only serializes publicly accessible data, that users of the class could access anyway.

Any of the runtime formatters (including BinaryFormatter) serialize both publicly and privately accessible information, so may give callers access to information that they otherwise shouldn't have. By marking your type as [Serializable] you're effectively saying that you've thought about this and are granting permission to anybody to look at the serialized information about your type.

This is a "safe by default" choice so that you don't accidentally end up serializing sensitive data like credit card details or whatever into places they shouldn't be such as logs or databases.
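
The difference the answer describes, as an added example that is not part of the original question or answer: the same object is written with XmlSerializer and with BinaryFormatter, and each output is searched for the value of a private field. The `Customer` type, its field names and values are constructed for illustration; the code assumes .NET Framework 4.x, where BinaryFormatter is still enabled (it is obsolete and disabled in recent .NET versions).

```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;
using System.Xml.Serialization;

[Serializable]                        // opt-in checked by the runtime formatters
public class Customer                 // hypothetical type, constructed for this example
{
    public string Name = "Alice";

    // Private: skipped by XmlSerializer, written by BinaryFormatter.
    private string cardNumber = "CARD-CONSTRUCTED-4111";

    // Private and explicitly excluded from the runtime formatters.
    [NonSerialized]
    private string cvv = "CVV-CONSTRUCTED-000";
}

public static class Demo
{
    // XmlSerializer walks public fields and properties only.
    public static string ToXml(object o)
    {
        var sw = new StringWriter();
        new XmlSerializer(o.GetType()).Serialize(sw, o);
        return sw.ToString();
    }

    // BinaryFormatter writes every instance field that is not [NonSerialized].
    // Strings are stored as UTF-8, so decoding the stream makes them searchable.
    public static string ToBinaryText(object o)
    {
        using (var ms = new MemoryStream())
        {
            new BinaryFormatter().Serialize(ms, o);
            return Encoding.UTF8.GetString(ms.ToArray());
        }
    }

    public static void Main()
    {
        var c = new Customer();
        string xml = ToXml(c), bin = ToBinaryText(c);
        Console.WriteLine("XML contains card number:    " + xml.Contains("CARD-CONSTRUCTED"));
        Console.WriteLine("Binary contains card number: " + bin.Contains("CARD-CONSTRUCTED"));
        Console.WriteLine("Binary contains CVV:         " + bin.Contains("CVV-CONSTRUCTED"));
    }
}
```

Removing `[Serializable]` from `Customer` makes the `BinaryFormatter` call throw the "is not marked as serializable" exception quoted in the question, while the `XmlSerializer` call keeps working.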
