java, .net, security, programming-languages

Why is Java secure compared with other programming languages?


The Java vendor and community say that "Java is more secure than other languages". But I want to know how.

If we look at programming in Java and .Net, they appear similar.

Steps involved in .NET programming:

  1. Write .net program.
  2. Compiling your code to MSIL (Compiling translates your source code into Microsoft intermediate language (MSIL) and generates the required metadata).
  3. Compiling MSIL to native code (At execution time, a just-in-time (JIT) compiler translates the MSIL into native code. During this compilation, code must pass a verification process that examines the MSIL and metadata to find out whether the code can be determined to be type safe).
  4. Running code (The common language runtime provides the infrastructure that enables execution to take place and services that can be used during execution).

Steps involved in Java programming:

  1. Write a Java program
  2. Compiling a Java program (The Java compiler converts Java source code to a .class file, which is bytecode).
  3. Program loading into memory by the JVM (The JVM loads the .class file into memory, does bytecode verification, and converts the .class file into machine language).
  4. Execution of the Java program (Whatever actions we have written in our Java program, the JVM executes them by interpreting bytecode. If we talk about old JVMs, they were slow; they interpreted and executed one bytecode at a time. Modern JVMs use a JIT compilation unit, which we also call just-in-time compilation).

If we look at the steps in both languages, they are almost the same, so "Why is Java more secure compared with other languages?"


Solution

  • There are many reasons why Java is a safe language, and it's definitely safer than some languages, but I think it's a stretch to say that it's safer than all other languages.

    Java has a variety of safety features in place:

    1. Automatic null-checking of references, bounds-checking of arrays, verification of casts, etc. to prevent the program from making type errors. Compare this to C or C++, where these same errors (with a few exceptions) cause undefined behavior.

    2. Verification of bytecode prior to execution. This makes it impossible for the program to jump to an undefined instruction, or to try to perform an operation on a nonexistent object, or to make a type error at the instruction level, etc. Compare this to C or assembly, where the program can jump to bad instructions, or try reading nonexistent parameters to functions (think va_args), etc.

    3. Runtime security checks when loading in new code. The use of SecurityManager and ClassLoader makes it easy for the Java runtime to prevent arbitrary code from executing on the computer by mediating access to system resources and preventing the program from loading or generating arbitrary code at runtime. Compare this to C or C++, which can read and write arbitrary values, issue arbitrary system calls, generate and execute arbitrary code, etc.

    4. Library-level safety of certain features. For example, String is immutable and final, so a function that receives a String can verify the string and not have to worry about another thread changing its value.

    This isn't a complete list of Java's safety features, but it should give you a sense of some of the design considerations in Java that are not present in other languages.

    Hope this helps!
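Points 1 and 4 of the answer above, as an added example that is not part of the original answer: the runtime checks surface as defined exceptions, and an immutable `String` snapshot keeps a validated value from changing between check and use. The class, method names, the `/srv/data/` prefix and the sample inputs are hypothetical and constructed for illustration.

```java
public class JavaSafetyDemo {
    // Hypothetical validator: rejects names that contain path components.
    static boolean isPlainName(CharSequence name) {
        String s = name.toString();
        return !s.contains("..") && !s.contains("/");
    }

    // Check-then-use on a mutable CharSequence: the value can change after the check.
    static String resolveMutable(CharSequence name, Runnable concurrentWriter) {
        if (!isPlainName(name)) throw new IllegalArgumentException("rejected");
        concurrentWriter.run(); // stands in for another thread writing to the buffer
        return "/srv/data/" + name;
    }

    // Same logic on an immutable String snapshot: what was checked is what is used.
    static String resolveImmutable(CharSequence name, Runnable concurrentWriter) {
        String snapshot = name.toString();
        if (!isPlainName(snapshot)) throw new IllegalArgumentException("rejected");
        concurrentWriter.run();
        return "/srv/data/" + snapshot;
    }

    public static void main(String[] args) {
        // Point 1: each of these is a defined exception in Java, not undefined behavior.
        int[] buf = new int[4];
        int index = 4; // constructed out-of-range index
        try { buf[index] = 1; } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("bounds check: " + e.getMessage());
        }
        Object value = "text";
        try { Integer n = (Integer) value; System.out.println(n); } catch (ClassCastException e) {
            System.out.println("cast check: " + e.getMessage());
        }
        String missing = null;
        try { System.out.println(missing.length()); } catch (NullPointerException e) {
            System.out.println("null check: " + e.getMessage());
        }

        // Point 4: constructed input; the writer changes the buffer after validation.
        StringBuilder a = new StringBuilder("report.txt");
        System.out.println(resolveMutable(a, () -> a.replace(0, a.length(), "../other.txt")));
        StringBuilder b = new StringBuilder("report.txt");
        System.out.println(resolveImmutable(b, () -> b.replace(0, b.length(), "../other.txt")));
    }
}
```

The `Runnable` makes the interleaving deterministic; with real threads the same change can land at any point between the check and the use.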