TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
"W. Wesley Groleau x4923" <[log in to unmask]>
Reply To:
W. Wesley Groleau x4923
Date:
Thu, 6 Apr 2000 13:32:13 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (32 lines)
> Specification (I&RTS) v4.0 states that "Developers shall not use
> compilers designed to convert code developed in other languages (e.g.,
> Ada, C++) to create Java byte-codes. This restriction is important
> because such compilers may inadvertently bypass intended Java security
> features."

I would be glad to see this removed.  On the other hand:

I have read some Web pages (sorry, forgot URIs) that made it quite clear
that "Java security" is not nearly what it's hyped to be.  It's hacked in
rather than designed in.  In one case, the language syntax was even
changed to plug a security hole.

Anyway, one of these web pages mentioned a security hole that could not be
exploited in Java, but could be exploited if you had a J-code assembler.
It's certainly possible for any compiler--including a Java compiler that's
not fully compliant with the spec--to exploit this hole.

Another page complained that formal verification of security is difficult
because the "Java language is not clearly defined enough."

Plus, if you are using dozens of Java libraries you didn't write, how do
you know they are secure?

Finally, remember that both Sun and Microsoft label their Java products
with the disclaimer that they are NOT to be used in any safety-critical
applications!

--
Wes Groleau
http://freepages.genealogy.rootsweb.com/~wgroleau

ATOM RSS1 RSS2