
Why Java is secure compared with other programming languages? [closed]

The Java vendor and community say that "Java is more secure than other languages". But I want to know how?

If we look at programming in Java and .Net, they appear similar.

Steps involved in .net programming Click to know more

  1. Write .net program.
  2. Compiling your code to MSIL (Compiling translates your source code into Microsoft intermediate language (MSIL) and generates the required metadata).
  3. Compiling MSIL to native code (At execution time, a just-in-time (JIT) compiler translates the MSIL into native code. During this compilation, code must pass a verification process that examines the MSIL and metadata to find out whether the code can be determined to be type safe).
  4. Running code (The common language runtime provides the infrastructure that enables execution to take place and services that can be used during execution).

Steps involved in java programming Click to know more

  1. Write a Java program
  2. Compiling a Java Program (Java compiler converts java source code to .class file which is a byte code)
  3. Program loading into memory by the JVM (The JVM loads the .class file into memory, does bytecode verification and converts the .class file into machine language)
  4. Execution of the Java program (Whatever actions we have written in our Java program, the JVM executes them by interpreting bytecode. If we talk about old JVMs, they were slow, and executed and interpreted one bytecode at a time. Modern JVMs use a JIT compilation unit, which we also call just-in-time compilation).

If we look at the steps in both languages, they are almost the same, so "Why is Java more secure compared with other languages?"

Likes: 552
Rais Alam asked Jan 08 '13 07:01




3 Answers

There are many reasons why Java is a safe language, and it's definitely safer than some languages, but I think it's a stretch to say that it's safer than all other languages.

Java has a variety of safety features in place:

  1. Automatic null-checking of references, bounds-checking of arrays, verification of casts, etc. to prevent the program from making type errors. Compare this to C or C++, where these same errors (with a few exceptions) cause undefined behavior.

  2. Verification of bytecode prior to execution. This makes it impossible for the program to jump to an undefined instruction, or to try to perform an operation on a nonexistent object, or to make a type error at the instruction level, etc. Compare this to C or assembly, where the program can jump to bad instructions, or try reading nonexistent parameters to functions (think va_args), etc.

  3. Runtime security checks when loading in new code. The use of SecurityManager and ClassLoader makes it easy for the Java runtime to prevent arbitrary code from executing on the computer by mediating access to system resources and preventing the program from loading or generating arbitrary code at runtime. Compare this to C or C++, which can read and write arbitrary values, issue arbitrary system calls, generate and execute arbitrary code, etc.

  4. Library-level safety of certain features. For example, String is immutable and final, so a function that receives a String can verify the string and not have to worry about another thread changing its value.

This isn't a complete list of Java's safety features, but it should give you a sense of some of the design considerations in Java that are not present in other languages.

Hope this helps!

Likes: 142
templatetypedef answered Sep 22 '22 06:09
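Points 1 and 4 of the answer above, shown as an added example that is not part of the original answer. The class name `JavaSafetyChecks`, the helpers `outcome` and `open`, and the sample paths are hypothetical; the second lambda argument to `open` stands in for another thread running between the check and the use.

```java
import java.util.function.Supplier;

public class JavaSafetyChecks {

    // Runs an action and reports which runtime exception the JVM raised, if any.
    static String outcome(Supplier<Object> action) {
        try {
            return "ok: " + action.get();
        } catch (RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    // Hypothetical check-then-use routine: validate the path, then act on it.
    // The Runnable models code that runs after validation but before use.
    static String open(CharSequence path, Runnable betweenCheckAndUse) {
        if (path.toString().contains("..")) {
            return "rejected";
        }
        betweenCheckAndUse.run();
        return "opened " + path;
    }

    public static void main(String[] args) {
        int[] buf = new int[4];
        Object notAString = Integer.valueOf(7);
        String missing = null;

        // Point 1: an out-of-bounds index, a bad cast and a null dereference
        // each end in a defined, catchable exception instead of undefined behavior.
        System.out.println(outcome(() -> buf[4]));
        System.out.println(outcome(() -> (String) notAString));
        System.out.println(outcome(() -> missing.length()));

        // Point 4: a mutable CharSequence can be changed after it passed validation,
        // so the value that is used is not the value that was checked.
        StringBuilder mutable = new StringBuilder("reports/q1.txt");
        System.out.println(open(mutable,
                () -> mutable.replace(0, mutable.length(), "../secret")));

        // An immutable String cannot be changed; the caller can only rebind its own
        // variable, and the validated value inside open() stays what was checked.
        String[] holder = { "reports/q1.txt" };
        System.out.println(open(holder[0], () -> holder[0] = "../secret"));
    }
}
```

The `StringBuilder` call ends up using a path that would have failed the `..` check, while the `String` call uses exactly the value it validated.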


You mention you read it somewhere, but can you please re-read it, because I guess when it was written the author would have been comparing Java with C++ / Fortran / C etc.

Also there is an old post you can read about the testability of security at http://www.veracode.com/blog/2010/06/which-tastes-better-for-security-java-or-net/

You can see both are almost the same...

Likes: 26
Jigar Pandya answered Sep 23 '22 06:09


Java or .Net programs, compared to C and the like, are not subject to a few simple types of security vulnerabilities - buffer overflows or format string errors.

While this gets rid of some ways in which remote code execution can be obtained, Java does nothing to prevent, for example, any web application vulnerabilities. It does not help with logic errors either.

Likes: 38
Vitaly Osipov answered Sep 26 '22 06:09