
This article: https://learn.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide puts a ton of fear into never ever using BinaryFormatter in any type of .NET application, even if it is a desktop app where files are only saved on the local hard drive.

We have a .NET Core 3.1 Desktop app that uses the BinaryFormatter for in-process serialization to/from MemoryStream. So, the app is NOT deserializing from a physical file. Is this safe, and will the BinaryFormatter be supported in future versions of .NET Core for such purposes?

heapoverflow
  • 2
    Will it be supported? No. .Net 5 is already moving to not support it and by .Net 6 it may not be supported at all. Suggestion is to move to Protocol Buffers - [is-there-a-high-performance-way-to-replace-the-binaryformatter-in-net5](https://stackoverflow.com/questions/64799591/is-there-a-high-performance-way-to-replace-the-binaryformatter-in-net5) – Ryan Wilson Apr 19 '21 at 20:00
  • 2
    BinaryFormatter won't be supported anymore. – aepot Apr 19 '21 at 22:34
  • @RyanWilson It does not show as 'obsolete' yet in .NET Core 3.1. What would you recommend between JSON vs XML serialization? Even though protobuf etc seem to be widely used, they are still not part of Microsoft API, and we want to use only Microsoft API for now. – heapoverflow Apr 20 '21 at 12:59
  • @heapoverflow Protocol Buffers - [is-there-a-high-performance-way-to-replace-the-binaryformatter-in-net5](https://stackoverflow.com/questions/64799591/is-there-a-high-performance-way-to-replace-the-binaryformatter-in-net5) – Ryan Wilson Apr 20 '21 at 16:17
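
For the in-process `MemoryStream` round trip described in the question, this is how the same pattern looks with `System.Text.Json`, which ships in the box with .NET Core 3.1. It is an added example, not code from the question or from Microsoft's guide; the `Settings` type and the `InProcessCopy` helper are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.Json;

// Hypothetical application type; only public properties with getters/setters round-trip.
public sealed class Settings
{
    public string Name { get; set; }
    public int Retries { get; set; }
    public List<string> Hosts { get; set; } = new List<string>();
}

public static class InProcessCopy
{
    // Write UTF-8 JSON for `value` into a MemoryStream. Unlike a BinaryFormatter
    // payload, the bytes carry no .NET type names for the reader to instantiate.
    public static MemoryStream ToStream<T>(T value)
    {
        var ms = new MemoryStream();
        using (var writer = new Utf8JsonWriter(ms))
        {
            JsonSerializer.Serialize(writer, value);
        }
        ms.Position = 0; // rewind so the caller can read from the start
        return ms;
    }

    // The target type is fixed by the caller at compile time, not chosen by the data.
    public static T FromStream<T>(MemoryStream ms)
    {
        return JsonSerializer.Deserialize<T>(ms.ToArray());
    }

    public static void Main()
    {
        var original = new Settings { Name = "primary", Retries = 3 };
        original.Hosts.Add("db01.example.internal"); // constructed sample value

        using (var ms = ToStream(original))
        {
            var copy = FromStream<Settings>(ms);
            copy.Hosts.Add("db02.example.internal"); // mutating the copy leaves the original alone
            Console.WriteLine(copy.Name + " " + copy.Retries);
            Console.WriteLine(original.Hosts.Count + " vs " + copy.Hosts.Count);
        }
    }
}
```

On .NET Core 3.1, `System.Text.Json` serializes public properties only and does not preserve object references or private fields, so types that relied on `BinaryFormatter` for those need an explicit data-transfer shape first.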

0 Answers