From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Sun Jun 13 2004 - 13:49:36 MDT

On Sunday, June 13, 2004, at 01:11 pm, Brian Atkins wrote:
> Harvey Newstrom wrote:
>> Java is a high-level language (or a medium-level language according
>> to some people). It still compiles down to the same machine code
>> that C does. What this means is that the differences between C++ and
>> Java are merely at the human readable abstraction layer. These
>> differences do not exist in the executable binaries themselves.
>> Security people often run into these "gotchas" where Java programmers
>> can't understand how they are getting the same errors as C
>> programmers:
>
> We're going way offtopic here, but I have to nitpick this because it
> seems wildly incorrect. Last I checked (admittedly ca. 1996...), Java
> is not compiled into anything similar to the machine code a C program
> compiles to. Java is compiled into "bytecode" which is then run
> through the Java Virtual Machine (JVM) which is a non-physical "CPU"
> emulated in software running on a real CPU. Besides being a completely
> different machine language than what runs on the real CPU, the
> bytecode enables various security and other features that would not
> otherwise be available at runtime in a traditional CPU.

All true. But none of that changes my point that Java applications can
crash to pointer errors or have memory management problems, even if the
language theoretically eliminated these. The implementation still has
these, and their functions are very similar to the way any computer
does these.

-- Harvey Newstrom, CISSP, CISA, CISM, IAM, IBMCP, GSEC <HarveyNewstrom.com>

This archive was generated by hypermail 2.1.5 : Wed Jul 17 2013 - 04:00:47 MDT