How java is more secure than other programming languages?
|
Lisa Dissousa
Greenhorn
Joined: Sep 18, 2012
Posts: 3
|
|
|
I know that it is mainly because of the bytecode present in the .class file. But by using decompilers we can decompile the class file. I need a detailed explanation, please...
|
 |
Jesper de Jong
Java Cowboy
Bartender
Joined: Aug 16, 2005
Posts: 12907
|
|
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.
The JVM has a number of security features built-in. It has, for example, a security manager that you can configure by editing a security policy file, in which you can control what Java applications are and are not allowed to do.
See this page from Oracle for all the details: Java SE Security
|
Java Beginners FAQ - JavaRanch SCJP FAQ - The Java Tutorial - Java SE 7 API documentation
Scala Notes - My blog about Scala
|
 |
Rajdeep Biswas
Ranch Hand
Joined: Mar 26, 2012
Posts: 163
|
|
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.
This is a most common myth in this context. Byte-codes are accountable for just portability.
|
The biggest gamble will be to ask a question whose answer you know in that it will challenge your theory | www.TechAspire.blogspot.in
|
 |
Ivan Jozsef Balazs
Ranch Hand
Joined: May 22, 2012
Posts: 380
|
|
A Java program runs inside the JVM in a sandbox. This makes a more severe control over what things happen.
Also array boundaries are checked, there are no dangling pointers, no "casting" in the sense a piece of memory is interpreted in different ways etc.
|
 |
Paul Clapham
Bartender
Joined: Oct 14, 2005
Posts: 16483
|
|
Rajdeep Biswas wrote:
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.
This is a most common myth in this context. Byte-codes are accountable for just portability.
It may be a myth, but if you want to refute it you really ought to say something which refutes it. What you said is... well, I have no idea what it was supposed to mean, least of all about the security of Java.
|
 |
Henry Wong
author
Sheriff
Joined: Sep 28, 2004
Posts: 16684
|
|
Ivan Jozsef Balazs wrote: A Java program runs inside the JVM in a sandbox. This makes a more severe control over what things happen.
Also array boundaries are checked, there are no dangling pointers, no "casting" in the sense a piece of memory is interpreted in different ways etc.
In addition to that (the data and type safety enforced by the bytecodes), the bytecode is designed to be verifiable -- meaning that it is possible to make sure that all paths through the code can be checked. Because of this design, the JVM has a bytecode verifier to make sure that the code is safe, even if it has been modified in transit.
On top of this, there is a set of immutable data types, a core library that enforces security, and a security manager. The bytecode verifier makes sure that there isn't a "virus" added in transit, or if so, makes sure that it is contained (limited in what it can do and still pass verification) -- which in turn, enables the libraries above it to guarantee the security.
Henry
|
Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
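The bytecode verification described in the post above, as an added example that is not part of the original thread: it hand-assembles a minimal class file and loads it twice, once with a valid method body and once with a body altered so that it pops from an empty operand stack, to show the JVM refusing the altered class at link time. The class name `Demo`, the method `f` and the helper names are made up for this illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;

// Added illustration: builds a tiny class "Demo" with one static method int f() and loads it.
public class VerifierDemo {
    // Class-file bytes for: public class Demo { public static int f() { <code> } }
    static byte[] classFile(byte[] code) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeInt(0xCAFEBABE);                            // magic
        out.writeShort(0); out.writeShort(49);               // minor, major (Java 5 format)
        out.writeShort(8);                                   // constant pool count (7 entries + 1)
        out.writeByte(1); out.writeUTF("Demo");              // #1 Utf8
        out.writeByte(7); out.writeShort(1);                 // #2 Class -> #1
        out.writeByte(1); out.writeUTF("java/lang/Object");  // #3 Utf8
        out.writeByte(7); out.writeShort(3);                 // #4 Class -> #3
        out.writeByte(1); out.writeUTF("f");                 // #5 method name
        out.writeByte(1); out.writeUTF("()I");               // #6 descriptor: no args, returns int
        out.writeByte(1); out.writeUTF("Code");              // #7 attribute name
        out.writeShort(0x0021);                              // class flags: public, super
        out.writeShort(2); out.writeShort(4);                // this_class, super_class
        out.writeShort(0); out.writeShort(0);                // no interfaces, no fields
        out.writeShort(1); out.writeShort(0x0009);           // one method: public static
        out.writeShort(5); out.writeShort(6);                // its name and descriptor
        out.writeShort(1); out.writeShort(7);                // one attribute: Code
        out.writeInt(12 + code.length);                      // Code attribute length
        out.writeShort(2); out.writeShort(0);                // max_stack, max_locals
        out.writeInt(code.length); out.write(code);          // the method body
        out.writeShort(0); out.writeShort(0);                // no exception table, no sub-attributes
        out.writeShort(0);                                   // no class attributes
        return buf.toByteArray();
    }

    // Defines the class in a fresh loader, calls f(), and reports what the JVM did with it.
    static String loadAndRun(byte[] bytes) {
        try {
            Class<?> c = new ClassLoader() {
                Class<?> define() { return defineClass("Demo", bytes, 0, bytes.length); }
            }.define();
            return "f() returned " + c.getMethod("f").invoke(null);
        } catch (VerifyError | ReflectiveOperationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] valid    = {0x04, 0x05, 0x60, (byte) 0xAC};   // iconst_1, iconst_2, iadd, ireturn
        byte[] tampered = {0x60, (byte) 0xAC};               // iadd on an empty stack, ireturn
        System.out.println("valid:    " + loadAndRun(classFile(valid)));
        System.out.println("tampered: " + loadAndRun(classFile(tampered)));
    }
}
```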
|