The Java platform provides a number of features designed to improve the security of Java applications. These include enforcing runtime constraints through the use of the Java Virtual Machine (JVM), a security manager that sandboxes untrusted code from the rest of the operating system, and a suite of security APIs that Java developers can utilise. Despite this, criticism has been directed at the programming language, and Oracle, due to an increase in malicious programs that revealed security vulnerabilities in the JVM, which were subsequently not properly addressed by Oracle in a timely manner.

The binary form of programs running on the Java platform is not native machine code but an intermediate bytecode. The JVM performs verification on this bytecode before running it to prevent the program from performing unsafe operations such as branching to incorrect locations, which may contain data rather than instructions. It also allows the JVM to enforce runtime constraints such as array bounds checking. This means that Java programs are significantly less likely to suffer from memory safety flaws such as buffer overflows than programs written in languages such as C, which do not provide such memory safety guarantees.

The platform does not allow programs to perform certain potentially unsafe operations such as pointer arithmetic or unchecked type casts. It also does not allow manual control over memory allocation and deallocation; users are required to rely on the automatic garbage collection provided by the platform. This also contributes to type safety and memory safety.
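
The runtime checks described above (array bounds checking and checked type casts) can be seen directly in a short program. This is an added example, not part of the original article; the class, method and field names and the sample input are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
// Added illustration; class, method and field names are hypothetical.
public class RuntimeChecksDemo {
    static final byte[] buffer = new byte[8];
    // Stand-in for data an out-of-bounds write might clobber in a language without bounds checks.
    static final byte[] secret = "TOKEN123".getBytes(StandardCharsets.US_ASCII);

    // Copy loop with no explicit length check, like an unchecked copy in C.
    static String copyUnchecked(byte[] input) {
        try {
            for (int i = 0; i < input.length; i++) {
                buffer[i] = input[i]; // the JVM checks i against buffer.length on every store
            }
            return "copied " + input.length + " bytes";
        } catch (ArrayIndexOutOfBoundsException e) {
            return "stopped by " + e.getClass().getSimpleName();
        }
    }

    // A downcast compiles to a checkcast instruction that verifies the runtime type.
    static String castToInteger(Object o) {
        try {
            Integer n = (Integer) o;
            return "cast ok: " + n;
        } catch (ClassCastException e) {
            return "stopped by ClassCastException";
        }
    }

    // Array covariance is also policed at run time: a String[] never holds an Integer.
    static String storeIntoStringArray(Object value) {
        Object[] slots = new String[1];
        try {
            slots[0] = value;
            return "stored";
        } catch (ArrayStoreException e) {
            return "stopped by ArrayStoreException";
        }
    }
    public static void main(String[] args) {
        byte[] oversized = new byte[16];      // constructed sample input, twice the buffer size
        Arrays.fill(oversized, (byte) 'A');
        System.out.println(copyUnchecked(oversized));
        System.out.println("secret intact: " + new String(secret, StandardCharsets.US_ASCII));
        System.out.println(castToInteger("not a number"));
        System.out.println(storeIntoStringArray(7));
    }
}
```

After the rejected copy, the first eight bytes of `buffer` have been overwritten, but nothing outside the array has been touched.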





