Tuesday, January 22, 2013

Why Java is called secure

There are two things that make Java "more secure" than other languages in certain aspects:

    Automatic array bounds checking and the lack of manual memory management make certain classes of programming mistakes that often cause serious security holes (such as buffer overruns) impossible. Most other modern languages share this feature, but C and C++, which were dominant (and still are major) application development languages at the time Java first appeared, do not.
   
    The Security Manager concept makes it relatively easy to run Java applications in a "sandbox" that prevents them from doing any harm to the system they are running on. This played an important part in promoting Java during its early days, since Applets were envisioned as a ubiquitous, safe way to have client-side web applications.

    In addition, the Java language defines different access modifiers that can be assigned to Java classes, methods, and fields, enabling developers to restrict access to their class implementations as appropriate. Specifically, the language defines four distinct access levels: private, protected, public, and, if unspecified, package. The most open access specifier is public: access is allowed to anyone. The most restrictive modifier is private: access is not allowed outside the particular class in which the private member (a method, for example) is defined. The protected modifier allows access to any subclass, or to other classes within the same package. Package-level access only allows access to classes within the same package.

    A compiler translates Java programs into a machine-independent bytecode representation. A bytecode verifier is invoked to ensure that only legitimate bytecodes are executed in the Java runtime. It checks that the bytecodes conform to the Java Language Specification and do not violate Java language rules or namespace restrictions. The verifier also checks for memory management violations, stack underflows or overflows, and illegal data typecasts. Once bytecodes have been verified, the Java runtime prepares them for execution.
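
The array bounds checking described in the first point, as an added example that is not part of the original post: a parser that trusts a length field from untrusted input. The one-byte-length packet format, the class name and the method names are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BoundsCheckDemo {

    // Constructed wire format: one length byte followed by that many payload bytes.
    // Naive echo: trusts the length field, as a C implementation using memcpy might.
    static byte[] echoNaive(byte[] packet) {
        int claimed = packet[0] & 0xFF;          // length taken from untrusted input
        byte[] reply = new byte[claimed];
        for (int i = 0; i < claimed; i++) {
            reply[i] = packet[1 + i];            // the JVM checks every index here
        }
        return reply;
    }

    // Hardened echo: validates the length field explicitly and rejects the packet.
    static byte[] echoValidated(byte[] packet) {
        if (packet.length < 1) {
            throw new IllegalArgumentException("empty packet");
        }
        int claimed = packet[0] & 0xFF;
        if (claimed > packet.length - 1) {
            throw new IllegalArgumentException(
                "length field " + claimed + " exceeds payload of " + (packet.length - 1));
        }
        return Arrays.copyOfRange(packet, 1, 1 + claimed);
    }

    public static void main(String[] args) {
        byte[] honest = {3, 'a', 'b', 'c'};
        byte[] lying  = {(byte) 200, 'a', 'b', 'c'};   // claims 200 bytes, carries 3

        System.out.println(new String(echoNaive(honest), StandardCharsets.US_ASCII));
        try {
            echoNaive(lying);
        } catch (ArrayIndexOutOfBoundsException e) {
            // The read stops at the array edge; no adjacent memory is returned.
            System.out.println("naive parser stopped by runtime: " + e.getMessage());
        }
        try {
            echoValidated(lying);
        } catch (IllegalArgumentException e) {
            System.out.println("validated parser rejected input: " + e.getMessage());
        }
    }
}
```

The runtime check turns what would be an out-of-bounds read in C into an exception, but that exception still has to be handled, so validating the length up front remains the better design.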

10 comments:

  1. Best explanation I have found on the topic so far.

  2. Nice explanation

  3. We can decompile Java code, then how is Java secure? I want to know, at the time of decompilation, how can we secure our Java code?

  4. Thanks for the good explanation

  5. This comment has been removed by the author.

  6. Because it is with OOPS (object oriented programming) concept. It is really robust and well structured so obviously it's going to be more secure than any other language.
