- Slides: 13
Java Vs. Net Presented By, Naveen Kumar Ratkal
Outline CLR VS JVM Java Byte Code and MSIL Comparing the stacks Major security vulnerabilities reported Java Authentication and Authorization service (JAAS) Class file and Cs file Security features Comparison Java or. Net
JVM vs. CLR JVM designed for platform independence Single language: Java (? ) A separate JVM for each OS & device CLR designed for language independence Multiple languages for development C++, VB, C#, (J#) APL, COBOL, Eiffel, Forth, Fortran, Haskel, SML, Mercury, Mondrian, Oberon, Pascal, Perl, Python, RPG, Scheme, Small. Script, … Impressive usage of formal methods and programming language research during development Underlying OS: Windows (? )
CLR vs JVM C# VB. Net Managed C/C++ Lots of other Languages Java MSIL Byte Codes CLR Security Runtime Services JRE (JVM) Security Runtime Services Windows OS Mac Both are ‘middle layers’ between an intermediate language & the underlying OS Win Unix Linux
Java Byte Code and MSIL Java byte code (or JVML) is the low-level language of the JVM. MSIL (or CIL or IL) is the low-level language of the. NET Common Language Runtime (CLR). Superficially, the two languages look very similar. JVML: MSIL: iload 1 iload 2 iadd istore 3 ldloc. 1 ldloc. 2 add stloc. 3
Visual Studio. net Perl Servlets ADO. NET JDBC Base Class Library J 2 EE Class Library CLR Java runtime Win 32 J 2 EE App Servers Websphere, Weblogic , Tomcat, etc. MSMQ, COM+, IIS, WMI, ADAM, Indexing, UDDI, etc. JMS Apache Win 32, Unix, Linux Java C# JSP BEA Weblogic C++ ASP. Net Webshpere Studio VB Struts Eclipse Python … … Comparing the stacks
Major security vulnerabilities reported One of the buy CVE-2000 -1061 - execute arbitrary commands via a malicious web page or email
Java Authentication and Authorization service (JAAS) To verify that a user is a subject and granting the user certain principals; "who you are. " The JAAS authentication component provides the ability to check who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet.
Class file and Cs file With almost every form, we write a cs file which handles the events. . class files does same thing in Java’s web application which is placed in the WEB-INF classes folder.
Security features Comparison Cryptography Good. Net Good Java Heavily relies on windows All providers are to be signed by the CA, Architecture dedicated to the US law
Cntd. . Secure Communication Fair. Net Very Good Java Platform No support besides IIS, some samples available JSSE as a standard component of JDK Web Services Up to date support of WSA Only supported by external vendors
Choosing between Java and. Net The ultimate choice usually depends not on technical superiority, but on: cultural/”religious”/political preferences Skill set of your developers Customer preference Vendor relations
References Websites : http: //vsbabu. org/mt/archives/2003/09/05/slashdot_java_vs_net. html http: //www. cgisecurity. com/lib/J 2 EEand. Dot. Netsecurity. By. Ger. Mulcahy. pdf http: //diuf. unifr. ch/softeng/seminars/SE 2003/buchmann/htmlpaper/index. html Book : Java Security - By oaks