E.4. Controlling serialization
E.4.1. Preventing incorrect deserialization
Naturally we need to be able to prevent a serialized object from being deserialized into an object of the wrong type. The standard scheme prevents this by storing the type of the object along with its instance variables.
There is, however, a more subtle way that serialization can fail: The object being read may have the same class as an object that was written, but may have different instance variables. This can happen if, for example, the class was modified and recompiled between the writeObject and readObject calls. When using RMI, this situation arises if different versions of the class are deployed on the client and server. To avoid this problem, all classes that ...
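The client/server version skew described above, reproduced inside a single JVM as an added example (this code is not from the text): Account stands for the class as it was compiled when the object was written, AccountV2 for the recompiled class on the reading side, and the resolveClass override is the constructed stand-in for the reader loading a different version of the same class.

```java
import java.io.*;

public class VersionSkewDemo {

    // Writer's version of the class. No explicit serialVersionUID, so the JVM
    // derives one from the class name, modifiers, fields and methods.
    static class Account implements Serializable {
        int id; String owner;
        Account(int id, String owner) { this.id = id; this.owner = owner; }
    }

    // Reader's version: the "same" class, recompiled with an extra instance variable.
    static class AccountV2 implements Serializable {
        int id; String owner; long balance;
    }

    // Serialize to a byte array, which here stands in for the RMI wire.
    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    // Deserialize, binding the stream's class descriptor to the reader's local
    // version (simulates AccountV2 being deployed under the name Account on the client).
    static Object readAsLocalVersion(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                return desc.getName().equals(Account.class.getName())
                        ? AccountV2.class : super.resolveClass(desc);
            }
        }) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] wire = write(new Account(42, "alice"));   // constructed sample object
        System.out.println("stream serialVersionUID = "
                + ObjectStreamClass.lookup(Account.class).getSerialVersionUID());
        System.out.println("local  serialVersionUID = "
                + ObjectStreamClass.lookup(AccountV2.class).getSerialVersionUID());
        try {
            readAsLocalVersion(wire);
            System.out.println("unexpected: versions accepted as compatible");
        } catch (InvalidClassException e) {
            // The stream's UID does not match the local class's UID, so the
            // object is rejected instead of being built from mismatched fields.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running it prints two different serialVersionUID values and then an InvalidClassException reporting "local class incompatible", which is the check that catches the recompiled-class case instead of silently producing an object with the wrong fields.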