Java vendors and the community say that "Java is more secure than other languages". But I want to know how?
If we look at programming in Java and .NET, they appear similar.
Steps involved in .NET programming
Steps involved in Java programming
If we look at the steps in both languages, they are almost the same, so "Why is Java more secure compared with other languages?"
Java is secure due to the following reasons: Java programs run inside a virtual machine, which is known as a sandbox. Java does not support explicit pointers. The byte-code verifier checks code fragments for illegal code that can violate access rights to objects.
Underlying the Java SE Platform is a dynamic, extensible security architecture, standards-based and interoperable. Security features — cryptography, authentication and authorization, public key infrastructure, and more — are built in.
Java is robust because it utilizes strong memory management. There is an absence of pointers that bypasses security dilemmas. There is automatic garbage collection in Java which runs on the Java Virtual Machine to eliminate objects which are not being accepted by a Java application anymore.
Features that make Java a secure language: the JVM checks the byte-code every time new code is executed. Java has object access restrictions, and the JVM verifies whether control jumps to any unsafe location or any inaccessible objects are being accessed. This provides an extra layer of safety.
There are many reasons why Java is a safe language, and it's definitely safer than some languages, but I think it's a stretch to say that it's safer than all other languages.
Java has a variety of safety features in place:
Automatic null-checking of references, bounds-checking of arrays, verification of casts, etc. to prevent the program from making type errors. Compare this to C or C++, where these same errors (with a few exceptions) cause undefined behavior.
Verification of bytecode prior to execution. This makes it impossible for the program to jump to an undefined instruction, or to try to perform an operation on a nonexistent object, or to make a type error at the instruction level, etc. Compare this to C or assembly, where the program can jump to bad instructions, or try reading nonexistent parameters to functions (think va_args), etc.
Runtime security checks when loading in new code. The use of SecurityManager and ClassLoader makes it easy for the Java runtime to prevent arbitrary code from executing on the computer by mediating access to system resources and preventing the program from loading or generating arbitrary code at runtime. Compare this to C or C++, which can read and write arbitrary values, issue arbitrary system calls, generate and execute arbitrary code, etc.
Library-level safety of certain features. For example, String is immutable and final, so a function that receives a String can verify the string and not have to worry about another thread changing its value.
This isn't a complete list of Java's safety features, but it should give you a sense of some of the design considerations in Java that are not present in other languages.
Hope this helps!
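The runtime checks listed in this answer and in the earlier one (sandbox, bounds checks, cast verification) can be seen directly. The following is an added example, not code from the question or from any of the answers: it triggers each check so that the failure is a well-defined exception rather than undefined behaviour, and then shows why the immutability of String matters for validation, by contrasting it with a mutable StringBuilder whose contents change after the check. The class name JavaSafetyDemo, the helper isSafeIdentifier and all inputs are constructed for this demo.

```java
// Added example (not from the original question or any answer): exercises the
// runtime checks described above. Each operation that would be undefined
// behaviour in C instead raises a well-defined exception in Java. The second
// part shows why an immutable String lets a callee validate its argument once,
// while a mutable StringBuilder can be changed after the check (a
// time-of-check/time-of-use problem). All input below is constructed inline.
import java.util.ArrayList;
import java.util.List;

public class JavaSafetyDemo {

    /** Runs three memory/type checks and returns which exception each produced. */
    static List<String> runtimeChecks() {
        List<String> caught = new ArrayList<>();

        // 1. Bounds check: reading past the end of an array is a detected failure.
        try {
            int[] buf = new int[4];
            int x = buf[8];          // in C this reads whatever lies beyond the buffer
            caught.add("no exception: " + x);
        } catch (ArrayIndexOutOfBoundsException e) {
            caught.add("ArrayIndexOutOfBoundsException");
        }

        // 2. Null check: dereferencing null is detected, not a wild memory access.
        try {
            String s = null;
            caught.add("length " + s.length());
        } catch (NullPointerException e) {
            caught.add("NullPointerException");
        }

        // 3. Cast verification: an object may only be used as the type it really is.
        try {
            Object o = Integer.valueOf(42);
            String s = (String) o;   // the JVM checks this cast at runtime
            caught.add("cast ok: " + s);
        } catch (ClassCastException e) {
            caught.add("ClassCastException");
        }
        return caught;
    }

    /** Hypothetical validation rule: non-empty and only letters or digits. */
    static boolean isSafeIdentifier(CharSequence id) {
        return id.length() > 0 && id.chars().allMatch(Character::isLetterOrDigit);
    }

    /** With an immutable String the check cannot be invalidated afterwards. */
    static String useImmutable(String id) {
        if (!isSafeIdentifier(id)) {
            throw new IllegalArgumentException("rejected: " + id);
        }
        // No other thread or caller can change 'id' between the check and this use.
        return "lookup:" + id;
    }

    /** With a mutable buffer the same check can be stale by the time the value is used. */
    static String useMutable(StringBuilder id) {
        if (!isSafeIdentifier(id)) {
            throw new IllegalArgumentException("rejected: " + id);
        }
        // Simulates a concurrent writer (or a careless caller) altering the buffer
        // after validation but before use.
        id.setLength(0);
        id.append("not a valid id!");
        return "lookup:" + id;      // the validated value is gone; an unchecked one is used
    }

    public static void main(String[] args) {
        System.out.println(runtimeChecks());
        System.out.println(useImmutable("alice42"));
        System.out.println(useMutable(new StringBuilder("alice42")));
    }
}
```

Compile and run with javac JavaSafetyDemo.java && java JavaSafetyDemo (Java 8 or later). The first line of output lists the three exception names; the last line shows that the mutable buffer was used with contents that never passed validation, which is exactly the situation an immutable String rules out.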
You mention you read it somewhere, but can you please re-read it, because I guess when it was written the author was comparing Java with C++ / Fortran / C etc.
Also, there is an old post you can read about the testability of security at http://www.veracode.com/blog/2010/06/which-tastes-better-for-security-java-or-net/
You can see both are almost the same....
Java or .Net programs, compared to C and the like, are not subject to a few simple types of security vulnerabilities: buffer overflows or format string errors.
While this gets rid of some ways in which remote code execution can be obtained, Java does nothing to prevent, for example, any of the web application vulnerabilities. It does not help with logic errors either.
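The point that memory safety does not cover application-level flaws can be shown with a small file-serving routine. This is an added example, not code from the answer: the unchecked resolver builds a path from a request parameter and will happily step outside the directory it is meant to serve, even though no memory is ever corrupted; the hardened resolver adds the logic check (normalise, then confirm the result is still under the base directory) that the language itself cannot supply. The class name PathCheckDemo, the directory layout and the request strings are constructed for this demo; it uses Files.writeString/readString, so Java 11 or later is assumed.

```java
// Added example (not from the original answer): Java's memory safety does not
// stop an application-level flaw. A file-serving routine that builds a path
// from a request parameter is unsafe by design, not by memory corruption; the
// fix is a logic check, which the language cannot supply. File names and the
// directory layout below are constructed for the demo.
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class PathCheckDemo {

    /** Vulnerable: trusts the request parameter, so ".." can leave the base directory. */
    static Path resolveUnchecked(Path base, String requested) {
        return base.resolve(requested);
    }

    /** Hardened: normalise, then insist the result is still inside the base directory. */
    static Path resolveChecked(Path base, String requested) throws IOException {
        Path root = base.toAbsolutePath().normalize();
        Path target = root.resolve(requested).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("request escapes served directory: " + requested);
        }
        return target;
    }

    /** Returns true if 'resolved' lies outside 'base' once ".." segments are applied. */
    static boolean escapes(Path base, Path resolved) {
        return !resolved.toAbsolutePath().normalize()
                .startsWith(base.toAbsolutePath().normalize());
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/public/index.html is served, <tmp>/secret.txt is not.
        Path root = Files.createTempDirectory("pathdemo");
        Path served = Files.createDirectory(root.resolve("public"));
        Files.writeString(served.resolve("index.html"), "<h1>hello</h1>");
        Files.writeString(root.resolve("secret.txt"), "not for serving");

        String good = "index.html";
        String bad = "../secret.txt";   // constructed request that walks up one level

        System.out.println("unchecked good -> " + Files.readString(resolveUnchecked(served, good)));
        Path leaked = resolveUnchecked(served, bad);
        System.out.println("unchecked bad  -> escapes base? " + escapes(served, leaked)
                + ", readable: " + Files.isReadable(leaked));

        System.out.println("checked good   -> " + Files.readString(resolveChecked(served, good)));
        try {
            resolveChecked(served, bad);
        } catch (IOException e) {
            System.out.println("checked bad    -> " + e.getMessage());
        }
    }
}
```

Run with javac PathCheckDemo.java && java PathCheckDemo. The unchecked resolver reports that the second request escapes the served directory and that the file is readable; the checked resolver serves the legitimate request and rejects the other one with an exception. Both versions are type-safe, bounds-checked Java; the difference is entirely in the check a developer has to write.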