Hi !
Featured games (85)
games approved by the League of Dukes
Games in Showcase (623)
Games in Android Showcase (176)
games submitted by our members
Games in WIP (676)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Another "Java isn't Secure" Thread  (Read 1634 times)
0 Members and 1 Guest are viewing this topic.
Offline Jimmt
« League of Dukes »

JGO Kernel

Medals: 163
Projects: 5
Exp: 3 years

« Posted 2013-09-17 04:34:26 »

Saw this randomly going through youtube (ad):

What do you think?
Offline SHC
« Reply #1 - Posted 2013-09-17 04:46:32 »

What about the CLR? .Net apps can be cracked as well. I think it became easier to hackers to hack java or .net apps due to the existing of complete file format of the class files or .net modules. If you open a .class file in notepad, you can see text like 'Ljava.lang.String' which contains almost all the data you have. This eases in decompiling and the existance of several decompilers. The same applies to .net apps as well, open a .net exe in notepad and you can see method calls of library classes.

Offline Jeremy
« Reply #2 - Posted 2013-09-17 04:50:09 »

I can't watch the video, but if by security you mean from malware...

Java in theory is secure - individual JREs have security exploits though.

'Java' has a poor reputation about the security community because it is poorly maintained by large JRE distributors. I.e, Apple let a known exploit linger in there JRE for a while resulted in mass spreading of the (I think it was called) 'The Flashback Malware.

Applet's are also a big cause for it. People assume that, just because it runs inside the browser they're safe. The difference between an applet and a flash application is very dramatic and that isn't appreciated enough. Even yet, unsigned Java Applets that run in a sandboxed environment have managed to break out of that sandboxed environment too many times to count and they're just simply not worth trusting anymore.

I think that article you were linking to is talking about people lacking appreciation for the security threats imposed by obsolete JREs

JevaEngine, Latest Playthrough (This demo is networked with a centralized server model)
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline HeroesGraveDev

JGO Kernel

Medals: 360
Projects: 11
Exp: 3 years

┬─┬ノ(ಠ_ಠノ)(╯°□°)╯︵ ┻━┻

« Reply #3 - Posted 2013-09-17 06:41:17 »

This is why we can't have nice things.


Although apart from the idiots, Oracle has had a part to play in ruining Java's reputation.

I had better start learning other OOP languages and their APIs.

Offline Mac70
« Reply #4 - Posted 2013-09-17 07:05:57 »

Just don't listen to any security "specialists" - especially if they are from big companies or companies related with with these corporations. Treat their "reports" as a source of fun. Roll Eyes

Java (and all JRE-based languages) position is currently unchallenged - it simply does not have any noticeable competitor in its field.
Offline concerto49

Junior Devvie

« Reply #5 - Posted 2013-09-17 08:24:30 »

Oracle's been a lot better than Microsoft in patching security holes if you ask me.

High performance, fast network, affordable price VPS - Cloud Shards
Available in Texas, New York & Los Angeles
Need a VPS Upgrade?
Offline princec

« JGO Spiffy Duke »

Medals: 584
Projects: 3
Exp: 16 years

Eh? Who? What? ... Me?

« Reply #6 - Posted 2013-09-17 08:42:39 »

The fact is, the JVM coupled to a browser was a fundamentally stupid, flawed idea in the first place. It's like the genius of housing petrol and matches next to each other in a child's bedroom. OS = petrol, Java = matches, child = browser operator. What's the worst that could happen?

Cas Smiley

Offline SHC
« Reply #7 - Posted 2013-09-17 09:11:59 »

Oracle's been a lot better than Microsoft in patching security holes if you ask me.

It's known from the beginning, since C# came out. Microsoft designed C# after getting bailed for using Java in the name of J#

Offline lcass
« Reply #8 - Posted 2013-09-19 21:08:33 »

java is secure in a sense its just as secure as an exe or a c# document which have all had some sort of similar publicity like this in the past
Pages: [1]
  ignore  |  Print  
You cannot reply to this message, because it is very, very old.

BurntPizza (28 views)
2015-10-08 03:11:46

BurntPizza (16 views)
2015-10-08 00:30:40

BurntPizza (19 views)
2015-10-07 17:15:53

BurntPizza (32 views)
2015-10-07 02:11:23

KaiHH (37 views)
2015-10-06 20:22:20

KaiHH (16 views)
2015-10-06 19:41:59

BurntPizza (32 views)
2015-10-06 19:04:48

basil_ (46 views)
2015-09-30 17:04:40

shadowstryker (24 views)
2015-09-29 15:55:06

TheSpaceHedgehog (31 views)
2015-09-29 01:58:48
Math: Inequality properties
by Roquen
2015-10-01 13:30:46

Math: Inequality properties
by Roquen
2015-09-30 16:06:05

HotSpot Options
by Roquen
2015-08-29 11:33:11

Rendering resources
by Roquen
2015-08-17 12:42:29

Rendering resources
by Roquen
2015-08-17 09:36:56

Rendering resources
by Roquen
2015-08-13 07:40:51

Networking Resources
by Roquen
2015-08-13 07:40:43

List of Learning Resources
by gouessej
2015-07-09 11:29:36 is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!