Java Vs .Net
Presented By,
Naveen Kumar Ratkal
Outline
CLR VS JVM
Java Byte Code and MSIL
Comparing the stacks
Major security vulnerabilities reported
Java Authentication and Authorization service (JAAS)
Class file and Cs file
Security features Comparison
Java or .Net
JVM vs. CLR
JVM designed for platform independence
Single language: Java (?)
A separate JVM for each OS & device
CLR designed for
language independence
Multiple languages for development
C++, VB, C#, (J#)
APL, COBOL, Eiffel, Forth, Fortran, Haskel, SML, Mercury,
Mondrian, Oberon, Pascal, Perl, Python, RPG, Scheme, SmallScript,
…
Impressive usage of formal methods and programming language
research during development
Underlying OS: Windows (?)
CLR vs JVM
C#
Managed
C/C++
Lots of other
Languages
VB
.Net
CLR
Security
Runtime Services
MSIL
Windows OS
Java
JRE (JVM)
Security
Runtime Services
Byte Codes
Mac
Unix
Linux
Win
Both are ‘middle layers’ between an intermediate
language & the underlying OS
Java Byte Code and MSIL
Java byte code (or JVML) is the low
-
level language of the JVM.
MSIL (or CIL or IL) is the low
-
level language of the .NET Common
Language Runtime (CLR).
Superficially, the two languages look very similar.
JVML:
iload 1
iload 2
iadd
istore 3
MSIL:
ldloc.1
ldloc.2
add
stloc.3
VB
C++
C#
Perl
Python
…
Visual Studio.net
Win32
MSMQ, COM+, IIS,
WMI, AD, ADAM,
Indexing, UDDI, etc.
CLR
Base Class Library
ADO.NET
ASP.Net
Win32, Unix, Linux
JMS
Apache
J2EE App Servers
Websphere, Weblogic , Tomcat, etc.
Java runtime
J2EE Class Library
Comparing the stacks
JDBC
Servlets
JSP
Struts
BEA Weblogic
Webshpere Studio
Eclipse
…
Java
Major security vulnerabilities reported
One of the buy CVE
-
2000
-
1061
-
execute arbitrary commands via a malicious web
page or email
Java Authentication and
Authorization service (JAAS)
T
o verify that a user is a subject and granting the user certain
principals; "who you are."
The JAAS authentication component provides the ability to check
who is currently executing Java code, regardless of whether the code
is running as an application, an applet, a bean, or a servlet.
Class file and Cs file
With almost every form, we write a cs file which handles the
events.
.class files does same thing in Java’s web application which is
placed in the WEB
-
INF classes folder.
Security features Comparison
Cryptography
Good .Net
Good Java
Heavily relies on
windows
All providers are to be
signed by the CA,
Architecture dedicated
to the US law
Secure Communication
Fair .Net
Very Good Java
Platform
No support besides IIS,
some
samples available
JSSE as a standard
component of
JDK
Web Services
Up to date support of WSA
Only supported by external
vendors
Cntd..
Choosing between Java and .Net
The ultimate choice usually depends not on technical superiority, but
on:
cultural/”religious”/political preferences
Skill set of your developers
Customer preference
Vendor relations
References
Websites :
http://vsbabu.org/mt/archives/2003/09/05/slashdot_java_vs_net.html
http://www.cgisecurity.com/lib/J2EEandDotNetsecurityByGerMulcahy.pdf
http://diuf.unifr.ch/softeng/seminars/SE2003/buchmann/htmlpaper/index.html
Book :
Java Security
-
By oaks
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο