The target name is the name of the Serializable permission (see below).
The following table lists the standard SerializablePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
| Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
|---|---|---|
| | Subclass implementation of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects | Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserialization it could, for example, deserialize a class with all its private fields zeroed out. |
| | Substitution of one object for another during serialization or deserialization | This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data. |
| | Setting a filter for ObjectInputStreams. | Code could remove a configured filter and remove protections already established. |
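The filter that the last table row refers to can be seen in action in the following added example, which is not part of the original documentation. It sets an allow-list filter on one stream, shows that a second attempt to set a filter on that stream is refused, and shows a class outside the allow-list being rejected. The class names `SerialFilterDemo` and `Unexpected` and the filter pattern are assumptions made for illustration; the example needs Java 9 or later.

```java
import java.io.*;
import java.util.Date;

public class SerialFilterDemo {
    // Constructed sample type standing in for a class the application never expects.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allow-list pattern: accept java.util.Date, reject every other class,
    // and cap the depth of the object graph.
    static final ObjectInputFilter FILTER =
            ObjectInputFilter.Config.createFilter("maxdepth=5;java.util.Date;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // When a security manager is installed, this call is guarded by the
            // filter-setting SerializablePermission target.
            in.setObjectInputFilter(FILTER);
            try {
                // A second filter on the same stream is refused, so code that
                // runs later cannot swap in a permissive one.
                in.setObjectInputFilter(info -> ObjectInputFilter.Status.ALLOWED);
            } catch (IllegalStateException refused) {
                System.out.println("second filter refused: " + refused.getMessage());
            }
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("allowed: " + readFiltered(serialize(new Date(0L))));
        try {
            readFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            // The filter returned REJECTED for a class outside the allow-list.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```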
SerializablePermission(String name): Creates a new SerializablePermission with the specified name. The name is the symbolic name of the SerializablePermission, such as "enableSubstitution", etc.
SerializablePermission(String name, String actions): Creates a new SerializablePermission object with the specified name. The name is the symbolic name of the SerializablePermission, and the actions String is currently unused and should be null.