What’s Serialization?

Serialization is the process of converting a data structure into a stream of bytes for transmission or storage. It is used to save an object’s state, to carry remote procedure calls, and to distribute data objects across a network. Deserialization restores the information into a new instance of the original object. Serialization has limitations: private fields are exposed in the byte stream, and restoring only works when the receiving class matches the one that was serialized.

In computer programming, serialization is the process of taking a data structure stored in local memory and turning it into a stream of bytes that can be transmitted over a network or stored on a disk to be reassembled and used by another program. Serialization can also be used to save the state of an object so that it can be reloaded later by the same program. A more complex use of this function is to invoke a remote procedure call (RPC), effectively executing one procedure on another computer across a network. This mechanism also allows the distribution of data objects across a large networked system.

Almost all modern computer languages have either native support for serialization or a library available to add this functionality. When an object is serialized, all fields in the object are flattened. This process is also known as deflation or marshaling. The fields are transformed into a one-dimensional sequence of bytes that can be written to any output stream; the type of output stream does not matter and could be a file or a network socket.

Once the data has been serialized and sent to its final location, the deserialization process begins. The program reading the byte stream restores all the information and puts it into a new instance of the original object, creating an exact copy. It is important to understand that only the data the object contained is marshaled; the object's methods and other implementation details are not, which means that the program deserializing the data must be able to create an instance of the class that was originally serialized.

Data structure serialization can be used for a variety of purposes. Information about objects can be stored on physical media so that the exact state of each object can be restored to the point it was in when program execution was interrupted. Serialized objects can be sent as messages to another computer, causing a remote procedure to be executed there. Serialization can also be used to efficiently compare state changes in real-time applications.

Before using object serialization, it is important to understand some of the limitations it imposes. Most importantly, when an object is converted to a byte stream, fields declared as private are written out along with everything else. While the stream is in transit, this data can be captured and decoded, presenting a security hole. Most languages allow the serialization format to be externalized, so a proprietary encoding can help mitigate this risk.

Another factor to keep in mind is that serialization, in general, will only work with a class that is exactly the same as the one that was serialized. If new fields or methods are added to an object, then the signature of the object will change. This means that attempting to restore the archived object will throw an exception, and the data will remain unrecoverable until an instance of the original, unmodified class attempts to restore it.
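The two limitations above, a private field landing verbatim in the byte stream and a changed class layout being rejected at restore time, shown with Python's pickle module. This is an added example written for this page, not code from the original text; the `Account` class, its `SCHEMA_VERSION` check and the sample values are constructed for the illustration.

```python
import pickle

class Account:
    """Constructed example class; its state is flattened field by field when pickled."""
    SCHEMA_VERSION = 1  # bump whenever fields are added or removed

    def __init__(self, owner, balance, api_token):
        self.owner = owner
        self.balance = balance
        self.__api_token = api_token  # name-mangled, yet serialized like any other field

    def __getstate__(self):
        # Only data is marshaled, so record the layout version next to the fields
        state = self.__dict__.copy()
        state["_schema_version"] = type(self).SCHEMA_VERSION
        return state

    def __setstate__(self, state):
        # Refuse a byte stream produced by a class layout other than the reader's
        version = state.pop("_schema_version", None)
        if version != type(self).SCHEMA_VERSION:
            raise ValueError(f"layout v{version} != class v{type(self).SCHEMA_VERSION}")
        self.__dict__.update(state)

def serialize(account):
    return pickle.dumps(account)

def deserialize(blob):
    return pickle.loads(blob)

def private_field_visible(blob, secret):
    """True if the 'private' value can be read verbatim from the byte stream."""
    return secret.encode() in blob

def rejects_changed_layout(blob):
    """Simulate a reader whose Account class gained a field: restoring must fail cleanly."""
    saved = Account.SCHEMA_VERSION
    Account.SCHEMA_VERSION = saved + 1
    try:
        deserialize(blob)
        return False
    except ValueError:
        return True
    finally:
        Account.SCHEMA_VERSION = saved
```

Inspecting the bytes returned by `serialize` shows the token in clear, which is why a sensitive field needs either exclusion from the state or a protected transport rather than reliance on the language's access modifier.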
