
Explanation of Java as a secure language? [closed]

Can somebody please help me understand what the following attacks are and how Java makes these attacks impossible:

  1. overrunning the routine stack - a common attack of worms and viruses
  2. corrupting memory outside its own process space
  3. reading or writing files without permission.

I am well versed in C/C++ and starting with Java, so please help me understand these.

mohit asked Dec 12 '12 09:12


1 Answer

First, the security issues are more a question of the implementation, rather than the language. Java does impose some security checks (bounds checking, etc.) that are optional (and very expensive in runtime) in C++. With regard to your specific issues:

  1. I presume this refers to the classical buffer overrun issue, which often was a problem in C. In C++, we use std::vector, which can (and usually does, at least when the correct compiler options are given) do the same checks as Java. If, on the other hand, it does refer to stack overflow (e.g. as a result of too deep recursion), then because the stack of the JVM is not the machine stack, Java can do extra checks, and also guarantee an out of memory exception in the case of stack overflow. (This is also possible in C++, but I don't know of a compiler which does it. And the operating systems don't always make it that easy.)

  2. This is an OS issue, not a language issue. Modern OSs don't allow programs to access memory outside their own process space, so neither Java nor C++ allows it.

  3. As above, this is an OS issue, not a language issue, and modern OSs enforce it relatively well, regardless of whether the program is written in Java or in C++.

In summary, both 2 and 3 are impossible, regardless of the language, and 1 won't occur in well-written C++ (although it was a problem in the past with C).

James Kanze answered Sep 22 '22 13:09
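
Point 1 of the answer, as an added Java example that is not part of the original answer: the JVM checks every array index and reports stack exhaustion as a catchable `StackOverflowError`. The class name, method names and the oversized input are constructed for illustration.

```java
import java.util.Arrays;

public class RuntimeChecksDemo {
    // Copies src into a fixed 8-byte buffer with no length check of its own,
    // the pattern behind a classic C stack buffer overrun.
    static String copyUnchecked(byte[] src) {
        byte[] buf = new byte[8];
        try {
            for (int i = 0; i < src.length; i++) {
                buf[i] = src[i];          // the JVM checks every index
            }
            return "copied " + src.length + " bytes";
        } catch (ArrayIndexOutOfBoundsException e) {
            // The write at index 8 never happened; nothing beyond buf changed.
            return "rejected: " + e.getMessage();
        }
    }

    static int depth = 0;

    // Recursion with no base case, to exhaust the thread's stack.
    static void recurse() {
        depth++;
        recurse();
    }

    static String exhaustStack() {
        depth = 0;
        try {
            recurse();
            return "unreachable";
        } catch (StackOverflowError e) {
            // The JVM reports exhaustion as a Throwable instead of faulting.
            return "StackOverflowError after " + depth + " frames";
        }
    }

    public static void main(String[] args) {
        byte[] ok = new byte[8];
        byte[] tooLong = new byte[16];   // constructed oversized input
        Arrays.fill(tooLong, (byte) 0x41);
        System.out.println(copyUnchecked(ok));
        System.out.println(copyUnchecked(tooLong));
        System.out.println(exhaustStack());
        System.out.println("still running after both faults");
    }
}
```

The frame count printed by `exhaustStack()` varies with the JVM's thread stack size (the `-Xss` option).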