
Why is Java labeled as a "secure" language?

I guess this is a general question, but I am going through introductory courses to Java (SE/ME) and the study material claims that Java is often used for "security purposes". It does not explain, however, what they mean by claiming that Java incorporates good security.

Is it hacker proof? Does it produce highly stable software? What?

Security from my point of view (at the moment) is that it's in the hands of the developer writing the code, not the language itself?


IMHO, that's a very misleading statement. In Java, you cannot access out-of-bound arrays, and you don't have pointers, and thus several security flaws like stack corruption or buffer overflow are impossible to exploit in Java. But Java is not inherently more secure than any other language; it's just that there is less chance to make mistakes that can cause security flaws. In effect, this reduces security flaws, but it's totally misleading to say Java is secure.


There are two things that make Java "more secure" than other languages in certain aspects:

  • Automatic array bounds checking and the lack of manual memory management make certain classes of programming mistakes that often cause serious security holes (such as buffer overruns) impossible. Most other modern languages share this feature, but C and C++, which were dominant (and still are major) application development languages at the time Java first appeared, do not.
  • The Security Manager concept makes it relatively easy to run Java applications in a "sandbox" that prevents them from doing any harm to the system they are running on. This played an important part in promoting Java during its early days, since Applets were envisioned as a ubiquitous, safe way to have client-side web applications.


Java provides guarantees and tools for security, such as:

  • No buffer-overflow exploits
  • Byte-code verification
  • Security permissions for different codebases
  • Security-related APIs

For more details, see Oracle's "Java Security Overview".


Because Java compiles as bytecode which then runs inside a Virtual machine, it cannot access the computer it runs on like a natively compiled program can.


Several languages, most notably C and C++, have a class of bugs that can allow arbitrary code to be executed when exploited - such bugs are quite common, and they're easy to make. These bugs are often some form of buffer overflow.

Java, and many other languages/platforms, eliminate that class of bugs (bar potential exploitable bugs in the VM itself), which many will claim makes it more secure.


The general reason why Java is considered to be more secure than, say, C is because it handles memory management for you. In other languages, programmers allocate their own memory and often fail to do it correctly, causing buffer overflows, etc. Of course the Java VM could still contain the very same types of bugs, but it's well tested over time, unlike every user-written program.

So in that respect, it is more secure. But you can still write insecure code, because no language could ever protect you from writing just plainly erroneous code.
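
The distinction drawn in the answers above, shown as an added example (not code from any of the posters): a bounds-checked array write fails with an exception, while a logic flaw such as an unchecked file path is untouched by memory safety. The class name, method names, directory and input string are hypothetical, constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class MemorySafeNotSecure {
    // Bounds checking: an out-of-range write raises an exception instead of
    // silently overwriting whatever sits next to the array in memory.
    static boolean outOfBoundsWriteIsRejected() {
        byte[] buf = new byte[8];
        try {
            buf[8] = 0x41; // one element past the end
            return false;
        } catch (ArrayIndexOutOfBoundsException e) {
            return true;
        }
    }

    // Memory-safe but still insecure: ".." segments can leave baseDir.
    static Path resolveNaive(Path baseDir, String userName) {
        return baseDir.resolve(userName).normalize();
    }

    // Hardened form: reject any result that is not inside baseDir.
    static Path resolveChecked(Path baseDir, String userName) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(userName).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + userName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/srv/app/uploads"); // constructed sample directory
        String input = "../../etc/app.conf";       // constructed sample input
        System.out.println("OOB write rejected: " + outOfBoundsWriteIsRejected());
        System.out.println("naive   -> " + resolveNaive(base, input));
        try {
            System.out.println("checked -> " + resolveChecked(base, input));
        } catch (SecurityException e) {
            System.out.println("checked -> rejected (" + e.getMessage() + ")");
        }
        System.out.println("checked -> " + resolveChecked(base, "report.txt"));
    }
}
```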


It is marketing)


The Java compiler converts the Java code into byte code (.class file), and these byte codes are then run by the Java Virtual Machine (JVM). The JVM is an interpreter which is installed on each client machine and is updated with the latest security updates over the internet. When these byte codes are executed, the JVM can take care of the security. So, Java is said to be more secure than other programming languages.


  1. This is a basic question asked in some interviews: why is Java secure? The reason is that inside the JVM there is a piece of software called the security manager, whose responsibility is to handle things if something goes wrong, so it controls/protects the system.

  2. Another thing is that it creates an interface between the source code and the system (OS), and the user has no permission to do something wrong.


Also, generic types (or generics) bear a superficial resemblance to templates in C++, both in their syntax and in their expected use cases (such as container classes). But the similarity is only skin-deep -- generics in the Java language are implemented almost entirely in the compiler, which performs type checking and type inference, and then generates ordinary, non-generic bytecodes. This implementation technique, called erasure (where the compiler uses the generic type information to ensure type safety, but then erases it before generating the bytecode), has some surprising, and sometimes confusing, consequences. While generics are a big step forward for type safety in Java classes, learning to use generics will almost certainly provide some opportunity for head-scratching (and sometimes cursing) along the way.
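
One of the consequences of erasure mentioned above, as an added example (not from the answer): an element of the wrong type can enter a `List<String>` through a raw reference and is detected only when it is read, while `Collections.checkedList` moves the check to the insertion point. The class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ErasureDemo {
    // A raw List parameter bypasses the compile-time element check.
    @SuppressWarnings({"rawtypes", "unchecked"})
    static void addViaRaw(List raw, Object value) {
        raw.add(value);
    }

    // Reports where the type violation is detected for the given list.
    static String probe(List<String> names) {
        try {
            addViaRaw(names, 42); // an Integer into a List<String>
        } catch (ClassCastException e) {
            return "rejected at insertion";
        }
        try {
            String first = names.get(0); // compiler-inserted cast to String
            return "never detected: " + first;
        } catch (ClassCastException e) {
            return "detected only at read";
        }
    }

    public static void main(String[] args) {
        List<String> plain = new ArrayList<>();
        List<Integer> ids = new ArrayList<>();
        // After erasure both lists have the same runtime class.
        System.out.println("same runtime class: " + (plain.getClass() == ids.getClass()));
        System.out.println("plain:   " + probe(plain));
        // checkedList keeps the element type at runtime and enforces it on add.
        List<String> checked = Collections.checkedList(new ArrayList<>(), String.class);
        System.out.println("checked: " + probe(checked));
    }
}
```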


**Why Java Is a Secure Language**

Reason:

  1. As a Java program runs inside its own virtual machine sandbox
  2. Data hiding in Java (OOP) makes it one of the secure languages. Maybe there are some other points, but I cannot recall them right now.
  3. No use of pointers, preventing unauthorized access to memory blocks.
  4. No access to memory management

  1. Access Control Functionality
  2. Exception Handling
  3. Use of final keyword
  4. Package java.security provides the classes and interfaces for the security framework

Java security is enabled in each stage: final keyword, secure class loading, JIT, security manager, byte code verification, automatic memory management, JSSE, Java Cryptographic Extension, digital signature, JAAS (Java Authentication and Authorisation Service).

If you have learned this, please like this.
