This article is rated Start-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||
|
I have now added more general and neutral information about the security features of the Java platform to this page, in addition to the existing criticism of the security manager. I therefore propose that the suggestion to merge this page with "Criticism of Java" be removed. -- Andrewmth ( talk) 03:45, 27 April 2013 (UTC)
Under chapter 1.1, the author states:
"This means that Java programs are significantly less likely to suffer from memory safety flaws such as buffer overflow than programs written in languages such as C which do not provide such memory safety guarantees."
My understanding is, that this is a contradiction to the sentences before the cited one, as the JVM should prevent all attempts of memory corruption from within the Bytecode itself, by the nature of its architecture.
The only memory corruption attack vector in the JVM environment is an attack on the JVM implementation itself and not owed due to semantic errors in the Java program, right? Thus, all JVM based languages eradicate a whole category of memory corrupting exploits - like buffer overflows -, that are possible in other non runtime-checked languages. So an attacker does not target an individual program if he wants to attack a computer, but a whole class of programs that make use of an exploitable vulnerability of the JVM. Under this class of programs, the programmers are free of accountability, as they have no influence over the vulnerability with their code.
Please clarify the intention of the sentence.
This article is rated Start-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||
|
I have now added more general and neutral information about the security features of the Java platform to this page, in addition to the existing criticism of the security manager. I therefore propose that the suggestion to merge this page with "Criticism of Java" be removed. -- Andrewmth ( talk) 03:45, 27 April 2013 (UTC)
Under chapter 1.1, the author states:
"This means that Java programs are significantly less likely to suffer from memory safety flaws such as buffer overflow than programs written in languages such as C which do not provide such memory safety guarantees."
My understanding is, that this is a contradiction to the sentences before the cited one, as the JVM should prevent all attempts of memory corruption from within the Bytecode itself, by the nature of its architecture.
The only memory corruption attack vector in the JVM environment is an attack on the JVM implementation itself and not owed due to semantic errors in the Java program, right? Thus, all JVM based languages eradicate a whole category of memory corrupting exploits - like buffer overflows -, that are possible in other non runtime-checked languages. So an attacker does not target an individual program if he wants to attack a computer, but a whole class of programs that make use of an exploitable vulnerability of the JVM. Under this class of programs, the programmers are free of accountability, as they have no influence over the vulnerability with their code.
Please clarify the intention of the sentence.