How is Java more secure than other programming languages?

 
Greenhorn
Posts: 3
I know that it is mainly because of the bytecode present in the .class file. But by using decompilers we can decompile the class file. I need a detailed explanation, please...
 
Java Cowboy
Posts: 16084
The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.

The JVM has a number of security features built-in. It has, for example, a security manager that you can configure by editing a security policy file, in which you can control what Java applications are and are not allowed to do.

See this page from Oracle for all the details: Java SE Security
 
Ranch Hand
Posts: 231

The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.



This is a most common myth in this context. Byte-codes are accountable for just portability.
 
Rancher
Posts: 1043
A Java program runs inside the JVM in a sandbox. This makes a more severe control over what things happen.
Also array boundaries are checked, there are no dangling pointers, no "casting" in the sense a piece of memory is interpreted in different ways etc.
 
Marshal
Posts: 27371

Rajdeep Biswas wrote:

The fact that you can quite easily decompile bytecode doesn't really have anything to do with security.



This is a most common myth in this context. Byte-codes are accountable for just portability.



It may be a myth, but if you want to refute it you really ought to say something which refutes it. What you said is... well, I have no idea what it was supposed to mean, least of all about the security of Java.
 
author
Posts: 23928

Ivan Jozsef Balazs wrote:A Java program runs inside the JVM in a sandbox. This makes a more severe control over what things happen.
Also array boundaries are checked, there are no dangling pointers, no "casting" in the sense a piece of memory is interpreted in different ways etc.



In addition to that (the data and type safety enforced by the bytecodes), the bytecode is designed to be verifiable -- meaning that it is possible to make sure that all paths through the code can be checked. Because of this design, the JVM has a bytecode verifier to make sure that the code is safe, even if it has been modified in transit.

On top of this, there is a set of immutable data types, a core library that enforces security, and a security manager. The bytecode verifier makes sure that there isn't a "virus" added in transit, or if so, makes sure that it is contained (limited in what it can do and still pass verification) -- which in turn enables the libraries above it to guarantee the security.

Henry
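
An added example, not part of the original thread or written by any of the posters: a small Java program showing the bytecode verifier described in the post above rejecting a class whose bytes were altered after compilation. The names `VerifierDemo`, `Sample` and `TamperLoader` are assumptions made for this illustration; compile it with `javac` (Java 9 or later) and run `java VerifierDemo`.

```java
import java.io.InputStream;
import java.lang.reflect.Method;

// Added illustration; VerifierDemo, Sample and TamperLoader are hypothetical names.
public class VerifierDemo {
    // Constructed sample: javac compiles id(int) to "iload_0; ireturn" (0x1a 0xac).
    public static class Sample {
        public static int id(int x) { return x; }
    }

    // Defines a class from raw bytes, as if they had just arrived over the network.
    static class TamperLoader extends ClassLoader {
        Class<?> define(String name, byte[] b) {
            return defineClass(name, b, 0, b.length);
        }
    }

    // Loads the bytes in a fresh loader and calls id(7); reports what happened.
    static String run(String name, byte[] classBytes) throws Exception {
        try {
            Class<?> c = new TamperLoader().define(name, classBytes);
            Method m = c.getMethod("id", int.class);   // linking runs the verifier
            return "id(7) = " + m.invoke(null, 7);
        } catch (VerifyError e) {
            return "rejected at link time: " + e.getClass().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Sample.class.getName();          // "VerifierDemo$Sample"
        byte[] good;
        try (InputStream in = VerifierDemo.class.getResourceAsStream(name + ".class")) {
            if (in == null) throw new IllegalStateException("compile with javac first");
            good = in.readAllBytes();
        }
        byte[] bad = good.clone();
        for (int i = 0; i + 1 < bad.length; i++) {
            if (bad[i] == 0x1a && bad[i + 1] == (byte) 0xac) {
                bad[i] = 0x2a;  // iload_0 -> aload_0: treat the int local as a reference
                break;
            }
        }
        System.out.println("original: " + run(name, good));
        System.out.println("tampered: " + run(name, bad));
    }
}
```

The unmodified bytes load and return 7, while the copy with one changed opcode never runs: the type mismatch between the `int` local and the reference load is caught before any of its code executes.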

 