Task: I would like to serialize a signature that is obtained from a user signing in a canvas to a blob in a table. Also allow the info to be retrieved from the table and redisplayed upon need. (Or some other way if better) Has anyone done this? If so, can you shed some light on the way to do this? Thanks for your advice in advance!
Instead of serializing the object, why not just make an image out of the signature and save it as GIF or JPG by writing the byte stream to the db? You can look at the Java Advanced Imaging package for more help on this.
Well, storing a serialized object is just as insecure as storing a plain GIF. Security through obscurity is no security at all -- in fact, because of the warm fuzzy feeling it gives, it can be worse than having no security at all. If you need to be tamper-resistant (most likely), take a digital signature of the image and store it in an additional field in the database. If you choose serialization, you can use a signed object wrapper. If things need to remain secret, you can use either symmetric or asymmetric encryption. Again, there is a nice wrapper available for encrypted serialization of Java objects.
- Peter
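
An added example, not code from any poster in this thread: the tamper-resistance approach from the last reply, signing the image bytes and checking them on retrieval, plus the standard `java.security.SignedObject` wrapper for the serialization route. The class name, the RSA/SHA-256 choice, the in-memory key pair and the sample bytes are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignatureImageIntegrity {

    // Sign the encoded image; the returned bytes go into the additional column.
    static byte[] sign(byte[] imageBytes, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(imageBytes);
        return s.sign();
    }

    // Check the bytes read back from the BLOB column against the stored signature.
    static boolean verify(byte[] imageBytes, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(imageBytes);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed or truncated signature value
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair; a real application loads its key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed stand-in for the encoded GIF/JPG bytes.
        byte[] image = "constructed-image-bytes".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(image, kp.getPrivate());

        byte[] tampered = image.clone();
        tampered[0] ^= 0x01; // simulate a modified row
        System.out.println("intact row verifies:   " + verify(image, sig, kp.getPublic()));
        System.out.println("tampered row verifies: " + verify(tampered, sig, kp.getPublic()));

        // Serialization route: SignedObject carries the object and its signature together.
        SignedObject so = new SignedObject(image, kp.getPrivate(), Signature.getInstance("SHA256withRSA"));
        boolean ok = so.verify(kp.getPublic(), Signature.getInstance("SHA256withRSA"));
        System.out.println("SignedObject verifies: " + ok);
    }
}
```

The check only adds protection if the private key is kept outside the database, since anyone who can both rewrite the row and use the key can produce a fresh valid signature. For the secrecy case mentioned in the reply, `javax.crypto.SealedObject` is the corresponding standard wrapper for encrypted serialization.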