B4J Tutorial Java Security

In recent years there have been many reports in the media about Java security. All these security issues are related to vulnerabilities that allow the process to exit the sandbox boundaries.

These issues only affect the Java browser plug-in that executes Java applets in a sandboxed environment.

They have nothing to do with regular desktop or server programs. Those programs are not sandboxed and can access anything that the process owner can access, like any other program.
In fact, due to the JVM memory model, Java programs are generally more secure than programs written in C/C++.

B4J doesn't create applets and doesn't rely on the Java browser plug-in.
Note that Oracle plans to remove this feature in the future: https://blogs.oracle.com/java-platform-group/entry/moving_to_a_plugin_free

Informative discussion about this topic: http://security.stackexchange.com/q...-insecurities-are-other-languages-more-secure
 

KMatle

Additionally: In one of my projects at work (insurance -> heavy data protection) a Java app was developed by another company. I had to make sure it was absolutely safe. So I instructed another company plus our security to check the code and the company's server. All good (except some non-Java-related "issues"). Of course you need to update to the latest version as soon as possible AND remove ALL older versions (security!).

Right now there's a switch in many companies going to Java plus Linux. Why? No costs like with Visual Studio and Windows servers. All you need is cheap hw with cheap sw.
 