Can somebody please help me understand what the following attacks are and how Java makes these attacks impossible:
- overrunning the routine stack - a common attack of worms and viruses
- corrupting memory outside its own process space
- reading or writing files without permission.
I am well versed in C/C++ and starting with Java, so please help me understand these.
First, the security issues are more a question of the implementation, rather than the language. Java does impose some security checks (bounds checking, etc.) that are optional (and very expensive in runtime) in C++. With regard to your specific issues:
1. I presume this refers to the classical buffer overrun issue, which often was a problem in C. In C++, we use std::vector, which can (and usually does, at least when the correct compiler options are given) do the same checks as Java. If, on the other hand, it does refer to stack overflow (e.g. as a result of too deep recursion), then because the stack of the JVM is not the machine stack, Java can do extra checks, and also guarantee an out of memory exception in the case of stack overflow. (This is also possible in C++, but I don't know of a compiler which does it. And the operating systems don't always make it that easy.)
2. This is an OS issue, not a language issue. Modern OSes don't allow programs to access memory outside their own process space, so neither Java nor C++ allows it.
3. As above, this is an OS issue, not a language issue, and modern OSes enforce it relatively well, regardless of whether the program is written in Java or in C++.
In summary, both 2 and 3 are impossible, regardless of the language, and 1 won't occur in well-written C++ (although it was a problem in the past with C).
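An added example, not part of the question or the answer above: a Java program showing the two readings of the first item, an over-long copy into a fixed buffer and unbounded recursion, both stopped by the JVM with a catchable fault. The class and method names are hypothetical and the input is constructed.

```java
import java.util.Arrays;

public class BoundsAndStackDemo {
    // Copies input into a fixed 8-byte buffer with no explicit length check,
    // the pattern that overruns a stack buffer in C when the input is too long.
    static String copyUnchecked(byte[] input) {
        byte[] buf = new byte[8];
        try {
            for (int i = 0; i < input.length; i++) {
                buf[i] = input[i];   // the JVM checks i against buf.length on every store
            }
            return "copied " + input.length + " bytes";
        } catch (ArrayIndexOutOfBoundsException e) {
            // The ninth store was rejected; nothing outside buf was written.
            return "rejected: " + e.getMessage();
        }
    }

    static int depth = 0;

    // Unbounded recursion: each call consumes one JVM stack frame.
    static void recurse() {
        depth++;
        recurse();
    }

    static String exhaustStack() {
        depth = 0;
        try {
            recurse();
            return "recursion returned";   // not reached in practice
        } catch (StackOverflowError e) {
            // The JVM detected that the thread stack was exhausted and raised
            // an Error instead of letting frames run into adjacent memory.
            return "StackOverflowError after " + depth + " frames";
        }
    }

    public static void main(String[] args) {
        byte[] oversized = new byte[16];           // constructed sample input
        Arrays.fill(oversized, (byte) 'A');
        System.out.println(copyUnchecked(new byte[4]));
        System.out.println(copyUnchecked(oversized));
        System.out.println(exhaustStack());
        System.out.println("still running");       // the process survives both faults
    }
}
```

The frame count printed by exhaustStack() depends on the thread stack size (the -Xss JVM option), so it varies between runs and machines.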