List of "Preferred Alternatives" is misleading and gives inappropriate choices
Type of issue
Missing information
Description
The "Preferred Alternatives" list states "BinaryReader and BinaryWriter for XML and JSON". This is very misleading. BinaryReader/Writer are low-level classes for writing primitive types. They are completely unrelated to XML and JSON.
Switching from BinaryFormatter to BinaryReader/Writer is a very poor recommendation. BinaryReader/Writer are low-level I/O classes, requiring reading/writing individual primitive types manually. They are not serializers at all, and using them to serialize even a simple type in lieu of BinaryFormatter is an enormous amount of manual code, which must be meticulously updated and re-tested with every minute change in the type being serialized.
Furthermore, all the other alternatives listed use JSON/XML based formats. As such, they are not appropriate alternatives for BinaryFormatter, which uses a highly compact binary format, as would be needed where transmission/storage size and speed are paramount, and human readability of the data is unimportant. Such needs cannot be met by verbose formats like XML or JSON. The article must suggest a serialization mechanism that meets such design goals the way BinaryFormatter does. For example, the serialization method gRPC uses.
Bottom line, the recommended alternatives are inappropriate for design needs met by BinaryFormatter, and should be replaced with recommendations that have design and performance characteristics equivalent to BinaryFormatter.
Page URL
https://learn.microsoft.com/en-us/dotnet/standard/serialization/binaryformatter-security-guide
Content source URL
https://github.com/dotnet/docs/blob/main/docs/standard/serialization/binaryformatter-security-guide.md
Document Version Independent Id
52919538-8a37-e4fa-2483-607c220e7ea2
Article author
@GrabYourPitchforks
Metadata
- ID: d4a9e65f-dc69-2d49-763a-3ef41bd055ae
- Product: dotnet-fundamentals
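For reference, this is what field-by-field serialization with `BinaryWriter`/`BinaryReader` looks like for one small type. It is an added example, not code from the issue or from the linked article; the `Reading` type, the `ReadingCodec` class, the version byte and the `MaxValues` cap are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Text;

// Hypothetical type used only for this illustration.
public sealed record Reading(int SensorId, DateTime TakenUtc, string Label, double[] Values);

public static class ReadingCodec
{
    private const byte FormatVersion = 1; // must change whenever the field layout changes
    private const int MaxValues = 4096;   // assumed cap so untrusted input cannot force a huge allocation

    public static byte[] Write(Reading r)
    {
        using var ms = new MemoryStream();
        using (var w = new BinaryWriter(ms, Encoding.UTF8, leaveOpen: true))
        {
            w.Write(FormatVersion);
            w.Write(r.SensorId);
            w.Write(r.TakenUtc.ToBinary());
            w.Write(r.Label);             // length-prefixed UTF-8 string
            w.Write(r.Values.Length);
            foreach (double v in r.Values) w.Write(v);
        }
        return ms.ToArray();
    }

    public static Reading Read(byte[] payload)
    {
        // Fields must be read in exactly the order and width they were written.
        using var r = new BinaryReader(new MemoryStream(payload), Encoding.UTF8);
        if (r.ReadByte() != FormatVersion)
            throw new InvalidDataException("Unsupported format version.");
        int sensorId = r.ReadInt32();
        DateTime takenUtc = DateTime.FromBinary(r.ReadInt64());
        string label = r.ReadString();
        int count = r.ReadInt32();
        if (count < 0 || count > MaxValues)
            throw new InvalidDataException("Value count out of range.");
        var values = new double[count];
        for (int i = 0; i < count; i++) values[i] = r.ReadDouble();
        return new Reading(sensorId, takenUtc, label, values);
    }
}
```

Each field added to `Reading` needs a matching line in both `Write` and `Read` plus a new `FormatVersion`; a truncated payload surfaces as an `EndOfStreamException` from the reader.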