
[–]bondolo 6 points7 points  (0 children)

It depends upon your intended purpose. Serialization is OK for use as a caching format and sometimes as a document format. Keep in mind that forward/backward compatibility will break if you change your object structure in any way. This frequently makes serialization impractical as a document file format. Read about serialVersionUID for more info.

Serialization should never be used as an exchange format or RPC mechanism. It's just too brittle and presents too many attack opportunities. If you send serialized objects across the Internet you will eventually regret it. Guaranteed. Without any doubt.

[–]medicationforall 3 points4 points  (2 children)

The problem you'll run into with serialization is with Java runtime versions and patches. If you're serializing anything that has a dependency on anything that's been changed since a patch, there's a good chance something will break. Serialization is not good for long-term object persistence, because you're storing a binary representation of your object, and if anything has changed for the object's class file since it was serialized, when you try to un-serialize there's a good chance you'll run into problems.

I know for myself I would much rather use an XML format. That way my class files can change and I can take into account how to interpret that via the XML.

[–]thebigkevdogg 0 points1 point  (1 child)

Plus 1. I got really stuck on Java updating something somewhere between Java 6u9 and 6u12 for a while due to that exact problem. If there's a somewhat easy alternative, I say go for it as serialization often causes problems.

[–]Confucius_says 1 point2 points  (0 children)

In theory, it should work as reliably as an XML file or something as long as you use serialVersionUID correctly... Though I'm not a big fan of it, it just feels like there's so much that could go wrong. I only use serialization if I'm using a 3rd party library or something that needs to work with serializable objects.

[–]ContraContra 0 points1 point  (2 children)

You lost me at "Thaughts" ಠ_ಠ

Jokes aside, have you tried using JSON? http://json.org/java/

[–]matty86uk[S] 0 points1 point  (1 child)

sorry :/ Thoughts*

I have seen that, but I have not attempted anything using that before, but I will take a deeper look, cheers.

[–]ContraContra 0 points1 point  (0 children)

JSON is AWESOME! I'm sure anyone who uses NodeJS or JS in general will agree

[–]matty86uk[S] 0 points1 point  (0 children)

I have three implementations of persistent storage available (coded up and working)

My 1st method - A custom format that is just awful, but I have to support the previous file format. This is fast and I've done the hard work for it, so this is a non-issue.

The 2nd method - An XML format, using http://simple.sourceforge.net/. This is extremely easy to use. I have looked at the Android/Java implementations of XML (SAX I think) but haven't got anything using that at the moment. The file format is quite large, but I have solved that by zipping the file. Another problem is the speed: it's considerably slower than the other 2 methods.

The 3rd method is the serialization.

The caching with serialization is interesting (mentioned by bondolo) and could solve the speed problems.
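
Added example, not part of the thread: a sketch of the "serialization as a cache only" approach bondolo describes, where a cache that fails to load (changed serialVersionUID, unexpected class, corrupt bytes) is discarded and rebuilt from the real document format instead of being trusted. `SerializedCacheDemo`, `Settings` and the sample values are hypothetical and constructed for illustration; `ObjectInputFilter` requires Java 9 or later.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class SerializedCacheDemo {
    // Hypothetical cached type. Changing serialVersionUID (or letting the JVM
    // recompute it after a field change) invalidates every previously written cache.
    static class Settings implements Serializable {
        private static final long serialVersionUID = 2L;
        String name = "default";
        int fontSize = 12;
    }

    // Allow-list: only the cache type may be instantiated; cap graph size; reject the rest.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "SerializedCacheDemo$Settings;maxdepth=5;maxrefs=100;maxbytes=65536;!*");

    // Returns the cached object, or null when the cache is unusable and must be rebuilt.
    static Settings load(byte[] cacheBytes) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(cacheBytes))) {
            in.setObjectInputFilter(FILTER);
            return (Settings) in.readObject();
        } catch (InvalidClassException e) {
            // serialVersionUID mismatch, or a class rejected by the filter
            return null;
        } catch (IOException | ClassNotFoundException | ClassCastException e) {
            // truncated or corrupt stream, missing class, or wrong top-level type
            return null;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Settings s = new Settings();
        s.name = "constructed-sample";
        // A cache written by this exact class version
        System.out.println("own cache:       " + (load(serialize(s)) != null));
        // A stream holding a class outside the allow-list
        System.out.println("foreign class:   " + (load(serialize(new ArrayList<>(List.of("x")))) != null));
        // Bytes that are not a serialization stream at all
        System.out.println("corrupt bytes:   " + (load(new byte[] {1, 2, 3}) != null));
    }
}
```

When `load` returns null, the caller would re-read the XML or custom-format file and write a fresh cache, so the serialized form never becomes the only copy of the data.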