
How Java is more secure than other programming languages?

 
Lisa Dissousa
I know that it is mainly because of the bytecode present in the .class file. But by using decompilers we can decompile the class file. I need a detailed explanation, please...
 
Jesper de Jong
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.

The JVM has a number of security features built-in. It has, for example, a security manager that you can configure by editing a security policy file, in which you can control what Java applications are and are not allowed to do.

See this page from Oracle for all the details: Java SE Security
 
Rajdeep Biswas
Jesper de Jong wrote:
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.


This is a most common myth in this context. Byte-codes are accountable for just portability.
 
Ivan Jozsef Balazs
A Java program runs inside the JVM in a sandbox. This makes a more severe control over what things happen.
Also array boundaries are checked, there are no dangling pointers, no "casting" in the sense a piece of memory is interpreted in different ways etc.
 
Paul Clapham
Rajdeep Biswas wrote:
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.


This is a most common myth in this context. Byte-codes are accountable for just portability.


It may be a myth, but if you want to refute it you really ought to say something which refutes it. What you said is... well, I have no idea what it was supposed to mean, least of all about the security of Java.
 
Henry Wong
Ivan Jozsef Balazs wrote: A Java program runs inside the JVM in a sandbox. This makes a more severe control over what things happen.
Also array boundaries are checked, there are no dangling pointers, no "casting" in the sense a piece of memory is interpreted in different ways etc.


In addition to that (the data and type safety enforced by the bytecodes), the bytecode is designed to be verifiable -- meaning that it is possible to make sure that all paths through the code can be checked. Because of this design, the JVM has a bytecode verifier to make sure that the code is safe, even if it has been modified in transit.

On top of this, there is a set of immutable data types, a core library that enforces security, and a security manager. The bytecode verifier makes sure that there isn't a "virus" added in transit, or if so, makes sure that it is contained (limited in what it can do and still pass verification) -- which in turn, enables the libraries above it to guarantee the security.

Henry
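
The bytecode verifier described in the post above can be observed directly. This is an added example, not code from the thread: the class names `VerifierDemo`, `Target` and `RawLoader` are made up for illustration, and the one-byte patch stands in for a class file modified in transit.

```java
import java.io.InputStream;

public class VerifierDemo {
    // Constructed target: javac compiles f() to "sipush 0x1234; ireturn" (bytes 11 12 34 AC).
    public static class Target {
        public static int f() { return 0x1234; }
    }

    // Hypothetical loader that defines a class from raw bytes without asking its parent,
    // standing in for code that arrived over an untrusted channel.
    static class RawLoader extends ClassLoader {
        Class<?> define(String name, byte[] b) { return defineClass(name, b, 0, b.length); }
    }

    static byte[] targetBytes() throws Exception {
        try (InputStream in = VerifierDemo.class.getResourceAsStream("VerifierDemo$Target.class")) {
            if (in == null) throw new IllegalStateException("compile with javac first");
            return in.readAllBytes();
        }
    }

    // Flip the return opcode so the method hands back an int as if it were an object reference.
    static byte[] tamper(byte[] original) {
        byte[] b = original.clone();
        for (int i = 0; i + 3 < b.length; i++) {
            if (b[i] == 0x11 && b[i + 1] == 0x12 && b[i + 2] == 0x34 && b[i + 3] == (byte) 0xAC) {
                b[i + 3] = (byte) 0xB0; // ireturn -> areturn
                return b;
            }
        }
        throw new IllegalStateException("expected bytecode pattern not found");
    }

    static String loadAndRun(byte[] classFile) throws Exception {
        try {
            Class<?> c = new RawLoader().define("VerifierDemo$Target", classFile);
            // Linking (and therefore verification) happens before f() can execute.
            return "ran, f() = " + c.getMethod("f").invoke(null);
        } catch (VerifyError e) {
            return "rejected by bytecode verifier: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] original = targetBytes();
        System.out.println("original: " + loadAndRun(original));
        System.out.println("tampered: " + loadAndRun(tamper(original)));
    }
}
```

Compile with `javac VerifierDemo.java` and run `java VerifierDemo` (Java 9 or later for `readAllBytes`). The patched copy fails verification at link time, so its `f()` never executes.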

 