Linked by Thom Holwerda on Wed 10th Oct 2012 23:47 UTC, submitted by MOS6510
Java "Java is a programming language that allows developers to write once and deploy everywhere - from high-end gaming desktops to smartphones. Its OS-agnostic and widespread nature is one of its strongest selling points, but one area where it can fall flat is performance. Generally, Java applications are not going to perform as well as native applications written for a specific OS. However, thanks to Project Sumatra that performance gap may soon become less of an issue."
Permalink for comment 538243
To read all comments associated with this story, please click here.
RE: Security
by Alfman on Thu 11th Oct 2012 03:50 UTC in reply to "Security"
Member since:


"Is it even possible to run Java securely on a desktop these days, especially as a browser plugin?"

I don't know how well the java browser plugin security is faring these days?

However as a local desktop platform I don't think Java deserves too much criticism since the language has never been less secure than native apps in the first place. Consider that anything which manages to break out of the java sandbox through a java vulnerability is still access-limited by the same user-space restrictions as a non-VM language like C. While a vulnerability is disappointing, the worst case scenario is that the java app gains access to the same userland syscalls that a native C app can access anyways.

Browsers are at risk because they run untrusted arbitrary code from the internet and they rely on the VM to isolate applets from the main browser process.

Edit: This may be a bit tangential, but another security consideration might be to factor in the likelihood of code written in language X or Y to contain vulnerabilities. I'd assume that Java's strict typecasting and bounds checking rules, as well as general lack of pointer arithmetic make it less likely for Java applications to contain severe (non language related) vulnerabilities.

Edited 2012-10-11 04:05 UTC

Reply Parent Score: 4