Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comparison of Java and .NET security

Posted by Zonk on from the one-likes-coffee-the-other-not dept.

prostoalex writes "The Computer Science Department at the University of Virginia has published a comparative study of security in Java and .NET in Portable Document Format. DevMktg blog on MSDN summarizes the findings saying that due to careful design process, .NET presents security advantages over Java platform in several areas." From the article: "Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design."

4 of 461 comments (clear)

  1. PDF text by Anonymous Coward · · Score: 5, Informative

    Text conversion of PDF document

  2. Re:Source code access by Johnno74 · · Score: 5, Informative

    Most of the source code for .Net is available here - Its called "rotor" and is Microsoft's open source implementation of .Net. It doesn't cover the complete framework, but it includes the runtime, C# compiler, and the parts of the framework that were submitted to ECMA.

    Anyone is free to download, modify and distribute rotor, it compiles on OSX and BSD. I believe someone has modified it to compile and run on Linux. Unfortunately the license prohibits commercial use...

    The major differences between Rotor and the full framework are a simplified garbage collector, and a simplified JIT compiler. Microsoft aren't saying how much of the framework code is shared between Rotor and the full version, but I've been told by people with access to the source that the answer is "pretty much all of it"

  3. Open source java security projects by iksrazal_br · · Score: 5, Informative
    I think this article overlooks the fact that many 'free as in speech' third party security libraries and frameworks are available for java.

    1) ACEGI - Aspect-orientaded-programming using a dependency injection model to replace or complement JAAS for authentication and authorization in an Application server independant way. A subproject of the Spring framework:

    http://acegisecurity.sourceforge.net/docbook/acegi .html/

    2) XML Encryption and XML Digital Signatures. Used in Web Service security or independently.

    http://xml.apache.org/security/

    http://ws.apache.org/wss4j/

    3) Container managed security implemented in every servlet container on the market, including tomcat.

    In short, I'd like to see a comparison of the features and availablity of what people actually use in their applications, rather than an entirely fudgable comparison of reported/unreported security flaws.

    "None are more hopelessly enslaved than those who falsely believe they are free. -- Goethe"

    iksrazal

  4. Re:.NET? Is this thing still around? by rjshields · · Score: 5, Informative
    If Sun adds real OOP features like multiple inheritance, operator overloading, traits, mixins, and introduces optional strong or weak dynamical typing
    Multiple inheritance is best avoided for clarity (multiple interface inheritance is OK). Operator overloading is rarely useful and often abused. Java is a strongly typed language and this is not going to change ("dynamical typing" doesn't mean anything by the way).

    Some of these points are misinformed and you missed out the things that bug people most about Java, the lack of deterministic finalisation and direct memory control, so it looks like your intellect is not superior after all. People who really do have superior intellect do not need to boast about it, it shows through in the things they do and say.
    --
    In this world nothing is certain but death, taxes and flawed car analogies.