Why is Java secure compared with other programming languages?
Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/14209887/
Asked by Rais Alam
Java vendor and community say that "Java is more secure than other languages". But I want to know how?
If we look at programming in Java and .Net, they appear similar.
Steps involved in .net programming (Click to know more)
- Write .net program.
- Compiling your code to MSIL (Compiling translates your source code into Microsoft intermediate language (MSIL) and generates the required metadata).
- Compiling MSIL to native code (At execution time, a just-in-time (JIT) compiler translates the MSIL into native code. During this compilation, code must pass a verification process that examines the MSIL and metadata to find out whether the code can be determined to be type safe).
- Running code (The common language runtime provides the infrastructure that enables execution to take place and services that can be used during execution).
Steps involved in java programming (Click to know more)
- Write a Java program
- Compiling a Java Program (Java compiler converts java source code to .class file which is a byte code)
- Program loading into memory by JVM (JVM loads .class file into memory, does byte code verification and converts .class file into machine language)
- Execution of Java program (Whatever actions we have written in our Java program, JVM executes them by interpreting bytecode. If we talk about old JVMs, they were slow, executed and interpreted one bytecode at a time. Modern JVM uses a JIT compilation unit, which we even call just-in-time compilation).
If we look at the steps in both languages, they are almost the same, so "Why is Java more secure compared with other languages?"
Answer by templatetypedef
There are many reasons why Java is a safe language, and it's definitely safer than some languages, but I think it's a stretch to say that it's safer than all other languages.
Java has a variety of safety features in place:
- Automatic null-checking of references, bounds-checking of arrays, verification of casts, etc. to prevent the program from making type errors. Compare this to C or C++, where these same errors (with a few exceptions) cause undefined behavior.
- Verification of bytecode prior to execution. This makes it impossible for the program to jump to an undefined instruction, or to try to perform an operation on a nonexistent object, or to make a type error at the instruction level, etc. Compare this to C or assembly, where the program can jump to bad instructions, or try reading nonexistent parameters to functions (think va_args), etc.
- Runtime security checks when loading in new code. The use of SecurityManager and ClassLoader make it easy for the Java runtime to prevent arbitrary code from executing on the computer by mediating access to system resources and preventing the program from loading or generating arbitrary code at runtime. Compare this to C or C++, which can read and write arbitrary values, issue arbitrary system calls, generate and execute arbitrary code, etc.
- Library-level safety of certain features. For example, String is immutable and final, so a function that receives a String can verify the string and not have to worry about another thread changing its value.
This isn't a complete list of Java's safety features, but it should give you a sense of some of the design considerations in Java that are not present in other languages.
Hope this helps!
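The runtime checks and the String immutability point from the answer above, as an added example that is not part of the original answers. The class name, method names and sample paths are constructed for illustration, and a callback stands in for the other thread so the run is deterministic.

```java
// Added example, not code from the original page; all names here are hypothetical.
public class SafetyDemo {
    // Validate-then-use on a mutable argument: the caller keeps a reference and
    // can change the contents after the check has passed.
    static String openMutable(StringBuilder path, Runnable betweenCheckAndUse) {
        if (path.indexOf("..") >= 0) throw new IllegalArgumentException("traversal");
        betweenCheckAndUse.run();      // stands in for another thread running here
        return "opened " + path;       // uses whatever the buffer holds at this moment
    }

    // Same check on a String: immutable and final, so the validated value is the used value.
    static String openImmutable(String path, Runnable betweenCheckAndUse) {
        if (path.contains("..")) throw new IllegalArgumentException("traversal");
        betweenCheckAndUse.run();
        return "opened " + path;
    }

    // Runs an action and reports the exception type the runtime check raised, if any.
    static String describe(Runnable action) {
        try { action.run(); return "no error"; }
        catch (RuntimeException e) { return e.getClass().getSimpleName(); }
    }

    public static void main(String[] args) {
        StringBuilder buf = new StringBuilder("reports/q1.txt");  // constructed sample input
        System.out.println(openMutable(buf, () -> buf.replace(0, buf.length(), "../secret.txt")));

        String[] held = { "reports/q1.txt" };
        // The caller can only rebind its own variable; the callee's String is unchanged.
        System.out.println(openImmutable(held[0], () -> held[0] = "../secret.txt"));

        int[] a = new int[4];
        Object o = "text";
        String none = null;
        System.out.println(describe(() -> a[4] = 1));                      // bounds check
        System.out.println(describe(() -> { Integer i = (Integer) o; }));  // cast verification
        System.out.println(describe(() -> none.length()));                 // null check
    }
}
```

The mutable variant ends up using a value it never validated, while the String variant cannot; the last three calls each end in a defined exception rather than the undefined behavior the answer contrasts with C or C++.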
Answer by Jigar Pandya
You mention you read it somewhere, but can you please re-read it, because I guess when it was written the author would be comparing JAVA with C++ / Fortran / C etc.
Also there is an old post you can read about the testability of security in http://www.veracode.com/blog/2010/06/which-tastes-better-for-security-java-or-net/
You can see both are almost the same....
Answer by Vitaly Osipov
Java or .Net programs, compared to C and the like, are not subject to a few simple types of security vulnerabilities - buffer overflows or format string errors.
While this gets rid of some ways in which remote code execution can be obtained, Java does nothing to prevent, for example, any of the web application vulnerabilities. It does not help with logic errors either.