
> By definition you can't trust that "untrusted data" has been serialized correctly.

Please read the comment again. They said the person loading the data is the same person that serialized it. The data came from an untrusted source prior to being serialized.

For example, consider a guestbook program. People send it untrusted text and then the program serializes it into a database. Reading the database back is safe.
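The guestbook case above as an added example, not part of the original comment. It assumes Python's `pickle` as the serializer and an in-memory SQLite database; the function names and sample submissions are constructed for illustration.

```python
import pickle
import sqlite3


def open_guestbook():
    """Create the store. Only this program ever writes to the blob column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, blob BLOB NOT NULL)")
    return db


def sign(db, author, message):
    """Untrusted text comes in; the program itself produces the serialized bytes."""
    if not isinstance(author, str) or not isinstance(message, str):
        raise TypeError("guestbook accepts text only")
    blob = pickle.dumps({"author": author, "message": message})
    db.execute("INSERT INTO entries (blob) VALUES (?)", (blob,))


def read_all(db):
    """Deserialize only bytes that sign() wrote, never bytes a visitor supplied."""
    rows = db.execute("SELECT blob FROM entries ORDER BY id")
    return [pickle.loads(blob) for (blob,) in rows]


# Constructed sample: a visitor submits text that is itself a serialized stream.
LOOKS_SERIALIZED = pickle.dumps(["not", "a", "message"], protocol=0).decode("ascii")

SAMPLE_SUBMISSIONS = [
    ("alice", "Nice site!"),
    ("mallory", LOOKS_SERIALIZED),
    ("bob", "'); DROP TABLE entries;--"),
]


def demo():
    db = open_guestbook()
    for author, message in SAMPLE_SUBMISSIONS:
        sign(db, author, message)
    return read_all(db)


if __name__ == "__main__":
    for entry in demo():
        # Every message comes back as the exact string that was submitted.
        print(repr(entry["author"]), repr(entry["message"]))
```

This holds only while the program is the sole writer of the `blob` column; bytes placed there by anyone else are untrusted input again.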


