Java is considered as portable and secure in nature.
For understanding portability nature(read here).
Now lets concentrate on security aspect of java. There are many security feature provided by the security manager present in JVM.
So as far as I have found out there are numerous angle which helps java to achieve security. I will explain all those aspects below:
1. At first security is provided by JVM(Java Virtual Machine) by checking the .class files for any malicious virus or threats that is presented to it before executing those files. So bytecode verification by JVM adds to security.
2. Memory security is provided by the Memory Management architecture of java. (Read more)
Here garbage collector starts its task of collecting the garbage objects as soon as it senses that out of memory condition is about to reach or even before it.
Programmer don't need to take any headache of releasing the memory space manually as is in other languages. Here JVM controls the garbage collector and it does this task for you. Manually programmer can also give instruction to garbage collector to run but then in that case also JVM has full decision control of whether to run it or not.(Read more)
3. Java Package concept provides security from namespace collision in java.
4. Access modifier like public, private, protected and default defines the level to which a class/method/variable can be exposed. So depending upon the level of exposure needed these access modifiers can be used.
In this way we can secure the data from unintended user who is in no way concerned with it thus protecting it from getting misused.
5. Immutability of String adds to security as well. Because of immutable nature String can be used to store password/username, database connection(& other details), key in HashMap without worrying much about String getting tampered/or modified by unauthorized/malicious user.
If you know about any other aspects that add to security of java then please help us know in the comment box.
You may also like to read:
For understanding portability nature(read here).
Now lets concentrate on security aspect of java. There are many security feature provided by the security manager present in JVM.
So as far as I have found out there are numerous angle which helps java to achieve security. I will explain all those aspects below:
1. At first security is provided by JVM(Java Virtual Machine) by checking the .class files for any malicious virus or threats that is presented to it before executing those files. So bytecode verification by JVM adds to security.
2. Memory security is provided by the Memory Management architecture of java. (Read more)
Here garbage collector starts its task of collecting the garbage objects as soon as it senses that out of memory condition is about to reach or even before it.
Programmer don't need to take any headache of releasing the memory space manually as is in other languages. Here JVM controls the garbage collector and it does this task for you. Manually programmer can also give instruction to garbage collector to run but then in that case also JVM has full decision control of whether to run it or not.(Read more)
3. Java Package concept provides security from namespace collision in java.
4. Access modifier like public, private, protected and default defines the level to which a class/method/variable can be exposed. So depending upon the level of exposure needed these access modifiers can be used.
In this way we can secure the data from unintended user who is in no way concerned with it thus protecting it from getting misused.
5. Immutability of String adds to security as well. Because of immutable nature String can be used to store password/username, database connection(& other details), key in HashMap without worrying much about String getting tampered/or modified by unauthorized/malicious user.
If you know about any other aspects that add to security of java then please help us know in the comment box.
You may also like to read:
Hi, Can you share one example code which may be a virus code and JVM can't run it?
ReplyDeleteHi sangamesh,
ReplyDeleteThanks for raising this important question. Here i am sharing a link from other site(informit) which has nicely explained all that is verified by jvm http://www.informit.com/articles/article.aspx?p=1187967&seqNum=2
Please read and still you have question lets join and discuss.
Thank you
I have read in many different sites that Strings as is, should not be used to store passwords. Instead of that, it's much better to use Char[].
ReplyDeleteI don't agree with using strings for storing passwords. It's well known that is much better to use Char[] to storing stuff like passwords
ReplyDeleteI too agree with you. char[] is preferred over String for storing password.
DeleteThe comparison calls for another round of discussion and I will be sharing an article on the same.
If we don't talk about preference, String can be used but we should not use it as a good programmer.
Can't we get around the access modifiers with using reflection ?
ReplyDeleteYou are correct. Private method of a class can be called from other class by changing the runtime behaviour of the class.
Deletejava.lang.Class and java.lang.reflect.Method helps in calling private method of other class.
This all is possible due to reflection.