6 Replies - 408 Views - Last Post: 28 August 2012 - 07:16 AM

#1 <aris>

A Java Critical Question About Security

Posted 28 August 2012 - 03:11 AM

Hello,

I am a PHP and Visual Basic .NET Developer, and recently I had a conversation with a friend of mine who works in a company in Sweden which programs custom software and they work with Java only. She convinced me that Java is a MUST and as I know how VB.NET works, she said it'd be easier to learn Java.

My only question is, as I hear a lot about dangerous vulnerabilities for Java and recently a blog was recommending to disable Java until an update will come up to fix that specific vulnerability, is it risky to program in Java? I mean if my customers are vulnerable to attacks etc with my Java programs, will I have any problem at all? Or my customers won't be affected by these vulnerabilities?

As I've worked with C++ in the past, I see that Java looks like C++ a little bit and I think it's gonna be easy for me to learn this language but all this stuff in my head about security doesn't let me go for it.

Can anyone give me an honest answer about this? Thanks in advance!


Replies To: A Java Critical Question About Security

#2 GregBrannon

Posted 28 August 2012 - 03:24 AM

The news is preliminary, but as far as we know, the vulnerability (poorly defined or detailed) is only in Java 7. The advice to "disable Java" is extreme and should be specific to Java 7. One can always fall back to Java 6, if necessary.

By all means, learn Java. Your customers will be no more affected by these vulnerabilities than they were by those built into IE or Windows.

Good luck, enjoy learning, and come here when you need help.

#3 <aris>

Posted 28 August 2012 - 03:31 AM

Your answer erased all my doubts!

I've already started this book this morning:
http://www.wrox.com/...0470889640.html

But, I wanted a clear answer before I complete reading this book!

So, I'm gonna continue reading it!

Again, if you have in your mind a better book to suggest I am open to anything!

Thanks again!

#4 GregBrannon

Posted 28 August 2012 - 03:36 AM

Here are two threads you may find useful:

Java Books

Getting Better at Java


#5 <aris>

Posted 28 August 2012 - 03:43 AM

Great I am going too helpful! Thanks!

**Great I am going to read them, the topics are too useful! Thanks

#6 jon.kiparsky

Posted 28 August 2012 - 07:07 AM

The current vulnerability is indeed specific to Java 7. However, it's a bit tricky for my company, since we just forced all machines off of Java 6 due to vulnerabilities there. For a large-scale user, this is a bit of a problem. For the home user, the most important thing is to turn off Java in your browsers - the applet, I'm afraid, is dead, but that's been true for a long time now. I see no reason to believe that these vulnerabilities allow an outside user access to your computer unless you run their code, so as long as you don't run untrusted code you should be fine. On the enterprise scale, it's difficult to ensure that this sort of hygiene is maintained, so if you're facing SEC audits or similar pressures there's some incentive to worry.

This is not a reason to avoid Java, however. Java is a great language, and I think there's a lot of interesting developments yet to come in the JVM. The security issues are, in a way, to be expected. The JVM is a huge project, and it has huge access to your OS. To me, this suggests that more attention to development of open JVMs is required - the sort of fanatical attention to security that worked so well for OpenBSD seems to flourish best in an open atmosphere. Could get messy, but it would be interesting.

For you as a student, the real attractions of Java are:
- a well designed language with a lot of good libraries
- an established language with good models to follow
- a language which by design emphasizes good (if stodgy) programming practice, like exception handling and documentation
- sound object-oriented fundamentals, which leads to one good approach to good design


There are some frustrations that you'll come across in Java, of course, but that's true of any language. My take-away for you is this: of the languages like Java, basically meaning C++ and C#, Java is the best one to learn.

#7 <aris>

Posted 28 August 2012 - 07:16 AM

Wow, that's a lot of information for me to think about. I consider everyone's answer seriously! Thank you very much.