
I've read that "Serialization is the conversion of an object to a series of bytes."

But, this definition is true for every Java object since all Java objects are represented as bytes in memory anyways.

What is the purpose of implementing the "Serializable" interface if all Java objects can be represented as bytes anyways?

My guess is that implementing the "Serializable" interface acts as some flag (you don't even need to implement any methods), but doesn't it make more sense to have an interface called "NotSerializable"?

EDIT: I found that this question is a duplicate of a previous question: Why Java needs Serializable interface?

I also found a good documentation: http://docs.oracle.com/javase/7/docs/technotes/guides/rmi/faq.html#whyserial

Thanks for the answers!

SHH
  • Serialization is used to get a sequence of bytes that represents the state of the object. Then you can save them in a file to later recover it. Or send it through the net. You are correct, to make an object serializable you only need to implement java.io.Serializable. – Shondeslitch May 01 '15 at 00:34

2 Answers


I've read that "Serialization is the conversion of an object to a series of bytes."

Not much of a definition. The one in the Javadoc is better: "Object Serialization supports the encoding of objects and the objects reachable from them, into a stream of bytes. Serialization also supports the complementary reconstruction of the object graph from a stream."

But, this definition is true for every Java object since all Java objects are represented as bytes in memory anyways.

Bytes that you cannot access. And it's a poor definition.

What is the purpose of implementing the "Serializable" interface if all Java objects can be represented as bytes anyways?

So that you can serialize them to streams and recover them.

My guess is that implementing the "Serializable" interface acts as some flag (you don't even need to implement any methods)

Correct.

but doesn't it make more sense to have an interface called "NotSerializable"

No. It doesn't make sense to have all objects serializable by default: consider passwords for example, or sockets.

user207421
    It makes perfect sense for a password to be serializable, even though it's not something you'd want to serialize by accident. Sockets are a good example, or open file streams, or windows. – user253751 May 01 '15 at 00:37
  • @immibis Not to the designers of Java, as that is one of the examples they continually cite, and not to me, as it is a *prima facie* security breach. – user207421 May 01 '15 at 00:43
  • Sometimes you *want* to serialize a password (although probably not using Java serialization), in particular to authenticate yourself over some secure channel (i.e. website logins). Note that Runtime.exec doesn't try to stop you executing "rm -rf --no-preserve-root /" – user253751 May 01 '15 at 00:51
  • @immibis and downvoter(s) You're arguing with the designers of Java here. They don't prevent you running `rm -rf /` any more than any other command, but they don't provide an API for it either. And you can serialize a password if you want to: just not by default. – user207421 May 05 '15 at 06:06
  • They are easier to save in files, as you don't have to retrieve each byte of each object and write it to the file.
  • Serialization allows you to specify a serialVersionUID, which allows you to track the version of the objects when de-serializing and avoid incompatibility problems.
Jean-François Savard
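Both answers can be checked directly. The following is an added example, not code from the question or either answer: a `transient` field keeps the password out of the byte stream (the "not by default" that user207421 argues for), and a serialVersionUID mismatch makes readObject throw InvalidClassException (the version tracking Jean-François Savard mentions). The Session class, its field values and the default-package class name "Session" used to locate the UID in the stream are constructed for this example; the byte patch relies on the Java stream format placing the 8-byte serialVersionUID immediately after the class name.

```java
import java.io.*;
import java.util.Arrays;

// Constructed example class: a login session whose password must never reach the byte stream.
class Session implements Serializable {
    // Version stamp written into the stream; readObject rejects a stream whose stamp differs.
    private static final long serialVersionUID = 1L;
    String user;
    transient char[] password;   // transient: not written, comes back as null after readObject
    Session(String user, char[] password) { this.user = user; this.password = password; }
}

public class SerialDemo {
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Index of the first occurrence of the ASCII bytes of 'needle' in 'data', or -1 if absent.
    static int indexOf(byte[] data, String needle) {
        byte[] n = needle.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
        for (int i = 0; i + n.length <= data.length; i++)
            if (Arrays.equals(Arrays.copyOfRange(data, i, i + n.length), n)) return i;
        return -1;
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Session("alice", "hunter2".toCharArray()));
        System.out.println("user value in stream:     " + (indexOf(bytes, "alice") >= 0));
        System.out.println("password value in stream: " + (indexOf(bytes, "hunter2") >= 0));
        Session back = (Session) deserialize(bytes);
        System.out.println("restored user=" + back.user + ", password=" + Arrays.toString(back.password));
        // Simulate a stream written by an older build of Session: in the stream format the 8-byte
        // serialVersionUID directly follows the class name, so flipping one of those bytes is a UID mismatch.
        byte[] stale = bytes.clone();
        stale[indexOf(stale, "Session") + "Session".length()] ^= 0x01;
        try {
            deserialize(stale);
        } catch (InvalidClassException e) {
            System.out.println("stale stream rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac SerialDemo.java && java SerialDemo`; the password never appears in the stream and is null after restoration, while the patched stream is refused with a "local class incompatible" message.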