[macosxnerd101]

Quote

You probably know the SecurityManager as Java's "sandbox" introduced with Sun's marketing of Java Applets. It also has uses on the server. The SecurityManager is essentially Java's equivalent of SELinux or AppArmor, although it predates both. It tells Java which class can execute which "risky" functions (such as accessing the file system). You can implement a more coarse-grained version of much the same on a process level with Unix file permissions, the aforementioned AppArmor/SELinux, or a combination of technologies.

http://www.javaworld...ad-runtime.html

[Ryano121]

Interesting read. It seems that Java is getting a lot of hate recently because some aspects of it are insecure. The only part people fail to see is that it only applies to applets and other old web technologies that nobody really uses anymore. I don't think that many people are really affected by the flaws, but most people think they are. It's a bit of a shame.

I don't see why people can't just disable Java in their browsers and continue on with their lives. This will be good for most people. For any others using old Swing apps, then yes they may have to do something, but surely that's a good thing to force them to update? Perhaps. The main Java platform that people actually use day to day is still pretty darn good.

This post has been edited by Ryano121: 01 February 2013 - 10:12 AM

[baavgai]

Well, it's JavaWorld, so they might be a little biased.

"Java is still the most secure widespread runtime" What does that actually mean? What other "runtimes" are we comparing this to?

Article is fine but it's a crap title. You can probably blame an editor for that.

[farrell2k]

baavgai, on 02 February 2013 - 12:49 AM, said:

Well, it's JavaWorld, so they might be a little biased. />

"Java is still the most secure widespread runtime" What does that actually mean? What other "runtimes" are we comparing this to?

Article is fine but it's a crap title. You can probably blame an editor for that.

Flash would probably be the best example. You could also compare Silverlight, but who really uses that?

[baavgai]

Again, "runtime" would need to be defined. You assume it's in a browser? The editorial want you to ignore the browser.

Does it need a VM model to be a runtime? Then we have Java, .NET, Android ( Dalvik ain't Java ), etc. Or is it just interpreted?

Only then can "most secure widespread runtime" be reasonably claimed. Since near every Windows box has .NET you'd want to at least compare that. Windows patches religiously, unlike Oracle, which is the crux of the problem.

[Ghlavac]

I'd assume..

.NET
Java
Adobe AIR?

[Aonor]

I did hear about that 0-day a couple of weeks ago, and how Oracle released a quick-fix but it was almost immediately bypassed again. Oracle patched the second 0-day again, but it's obvious there are some severe flaws in security that need to be looked at.

[natecat]

Aonor, on 09 February 2013 - 06:43 PM, said:

I did hear about that 0-day a couple of weeks ago, and how Oracle released a quick-fix but it was almost immediately bypassed again. Oracle patched the second 0-day again, but it's obvious there are some severe flaws in security that need to be looked at.

0-days don't reflect security at all. Java is still very secure, just old technology like applets aren't as secure and don't have the same security measures as desktop applications.