Thanks Lars for the clarification. Looks like a bad plan to fix all broken implementations using ObjectInputStream and better remove it completely in a GWT-RPC environment.
You can use Java serialization just fine as long as you can be sure no one has modified your serialized data and that the data has actually been produced by your app. A digital signature would solve that.
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.
To post to this group, send email to email@example.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
Post a Comment