Don Box: Huge Security Holes in Solaris, JVM

DaHat writes "Don Box, one of the authors of the original SOAP specification in 1998, now an architect on Microsoft's next generation Indigo platform recently responded to James Gosling's remarks regarding huge security holes within the .NET Common Language Runtime (CLR). Don argues that the same 'flaws' that Gosling noted in the .NET CLR exist both within the Solaris operating system as well as the JVM, both of which support execution of C and C++ code, as well as explaining why this is not necessarily a bad thing."

Re:JNI is an API, not a platform...

[jeif1k]

It's going to happen someday of course and that's why people created Java and managed code. To minimize the exposure of those regions.

You seem to be blissfully unaware of about half a century of computing history: safe, managed code used to be common in high-level language. The people who created Java no more created it than they created integer addition. The Java language is about where programming languages were in the late 1960's/early 1970's.

The real question to ask is how in the world unsafe languages like C and C++ ever managed to succeed, and why something as poorly designed as Java ended up catching on when there have been far better languages with the same kind of safety guarantees around for decades.

But, perhaps, the answer is simply that people like you write the books that people get their information from. The blind leading the blind, it seems.