We can avoid serialising fields by using the transient keyword.
Is there any other way of doing that?
http://java.sun.com/javase/6/docs/platform/serialization/spec/security.html
SUMMARY: Preventing Serialization of Sensitive Data
Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:
- Declare the field as private transient.
- Define the serialPersistentFields field of the class in question, and omit the field from the list of field descriptors.
- Write a class-specific serialization method (i.e., writeObject or writeExternal) which does not write the field to the serialization stream (i.e., by not calling ObjectOutputStream.defaultWriteObject).
Here are some links.
Declaring serialPersistentFields.
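The three techniques the quoted spec lists, side by side in one runnable class, as an added example that is not part of the original answer or of the Java serialization spec it quotes. The class names, field names and the sample secret value are my own, chosen for illustration. The streamContains helper shows how to check a sample stream for a leaked value, and the third class shows the caveat that goes with the writeObject approach: a readObject that mirrors the custom writeObject is required, because the default readObject expects field data that was never written.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

// Added example: all class and field names are hypothetical and the values are constructed.
public class SensitiveFieldDemo {

    // Method 1: transient. Default serialization skips the field; it is null after deserialization.
    static class TransientUser implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private transient String password;

        TransientUser(String name, String password) {
            this.name = name;
            this.password = password;
        }
    }

    // Method 2: serialPersistentFields. Only the listed fields form the stream's field
    // descriptors, so 'password' never reaches the stream even though it is not transient.
    static class PersistentFieldsUser implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final ObjectStreamField[] serialPersistentFields = {
            new ObjectStreamField("name", String.class)
        };
        private final String name;
        private String password;

        PersistentFieldsUser(String name, String password) {
            this.name = name;
            this.password = password;
        }
    }

    // Method 3: class-specific writeObject that does not call defaultWriteObject, so no
    // field data is written automatically. readObject must mirror it exactly; otherwise
    // deserialization reads the wrong bytes and fails.
    static class CustomWriteUser implements Serializable {
        private static final long serialVersionUID = 1L;
        private String name;
        private String password;

        CustomWriteUser(String name, String password) {
            this.name = name;
            this.password = password;
        }

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.writeUTF(name);            // write only the non-sensitive field
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            name = in.readUTF();
            password = null;               // the sensitive field is never restored from the stream
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Strings are written as modified UTF-8, so an ASCII secret that was serialized shows up
    // verbatim in the stream bytes. This is the check to run on a sample stream during review.
    static boolean streamContains(byte[] stream, String needle) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        final String secret = "s3cret-value";   // constructed sample value
        Object[] samples = {
            new TransientUser("alice", secret),
            new PersistentFieldsUser("bob", secret),
            new CustomWriteUser("carol", secret)
        };
        for (Object sample : samples) {
            byte[] stream = serialize(sample);
            Object back = deserialize(stream);
            System.out.printf("%-22s secret in stream: %-5b round-trips: %b%n",
                sample.getClass().getSimpleName(),
                streamContains(stream, secret),
                back.getClass() == sample.getClass());
        }
    }
}
```

Compile with javac SensitiveFieldDemo.java and run with java SensitiveFieldDemo; for each of the three classes it reports whether the secret appears in the serialized bytes and whether the object deserializes again. Whichever method you pick, the sensitive field comes back null after deserialization, so code that reads it must either reinitialise it or treat null as "not available".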