Security and Serialization

Because serialization can allow other code to see or modify object instance data that would otherwise be inaccessible, a special permission is required of code performing serialization: SecurityPermission with the SerializationFormatter flag specified. Under default policy, this permission is not given to Internet-downloaded or intranet code; only code on the local computer is granted this permission.

Normally, all fields of an object instance are serialized, meaning that every field's data is represented in the serialized data for the instance. Code that can interpret the format can therefore determine the data values, independent of the accessibility of the member. Similarly, deserialization extracts data from the serialized representation and sets object state directly, again irrespective of accessibility rules.

Any object that could contain security-sensitive data should be made nonserializable, if possible. If it must be serializable, try to make the specific fields that hold sensitive data nonserializable. If this cannot be done, be aware that this data will be exposed to any code that has permission to serialize, and make sure that no malicious code can get this permission.

The ISerializable interface is intended for use only by the serialization infrastructure. However, if unprotected, it can potentially release sensitive information. If you provide custom serialization by implementing ISerializable.GetObjectData, make sure you take the following precautions:

  • The GetObjectData method should be explicitly secured, either by demanding SecurityPermission with the SerializationFormatter flag specified or by making sure that no sensitive information is released in the method output. For example:

    ' Visual Basic: the Demand attribute precedes the method declaration.
    <SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter:=True)> _
    Public Overrides Sub GetObjectData(info As SerializationInfo, context As StreamingContext)
        ' Write only non-sensitive state into info.
    End Sub

    // C#: the same demand expressed as an attribute on the override.
    [SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter = true)]
    public override void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        // Write only non-sensitive state into info.
    }
    
  • The special constructor used for serialization should also perform thorough input validation and should be either protected or private, to help protect against misuse by malicious code. It should enforce the same security checks and permissions that are required to obtain an instance of the class by any other means, such as explicitly creating the class or indirectly creating it through some kind of factory.
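The following class puts both precautions together: a demanded GetObjectData that omits the sensitive field, and a private deserialization constructor that revalidates everything it reads. It is an added example, not code from the original page; AccountRecord, its fields and the validation limits are hypothetical.

```csharp
using System;
using System.Runtime.Serialization;
using System.Security.Permissions;

// Hypothetical account record; the session token is sensitive and never serialized.
[Serializable]
public sealed class AccountRecord : ISerializable
{
    public string UserName { get; }
    public int FailedLogins { get; }
    private readonly string _sessionToken; // sensitive: kept out of SerializationInfo

    public AccountRecord(string userName, int failedLogins, string sessionToken)
    {
        Validate(userName, failedLogins);
        UserName = userName;
        FailedLogins = failedLogins;
        _sessionToken = sessionToken;
    }

    // Deserialization constructor: private, so only the serialization
    // infrastructure reaches it, and it revalidates everything read from
    // the stream instead of trusting it.
    private AccountRecord(SerializationInfo info, StreamingContext context)
    {
        if (info == null) throw new ArgumentNullException(nameof(info));
        string userName = info.GetString("UserName");
        int failedLogins = info.GetInt32("FailedLogins");
        Validate(userName, failedLogins);
        UserName = userName;
        FailedLogins = failedLogins;
        _sessionToken = null; // must be re-established, never restored from a stream
    }

    // Demand the permission so only callers allowed to serialize can read state.
    [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        if (info == null) throw new ArgumentNullException(nameof(info));
        info.AddValue("UserName", UserName);
        info.AddValue("FailedLogins", FailedLogins);
        // _sessionToken is intentionally omitted from the output.
    }
    private static void Validate(string userName, int failedLogins)
    {
        if (string.IsNullOrWhiteSpace(userName) || userName.Length > 64)
            throw new ArgumentException("Invalid user name.");
        if (failedLogins < 0) throw new ArgumentException("Invalid count.");
    }
}
```

The attribute-based demand is enforced only by .NET Framework code access security; on .NET Core and later the validation in the constructor and the omission of the sensitive field are what still protect the data.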

See also