Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New to the CF scene
    Join Date
    May 2016
    Location
    atlanta
    Posts
    9
    Thanks
    4
    Thanked 0 Times in 0 Posts

    is Java the most secure language for software development?

    There are Many Languages available for software development. but I want to know which one is the most useful for Secure Software Development?

  2. #2
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    9,249
    Thanks
    4
    Thanked 932 Times in 919 Posts
    Thew Java web plugin was discontinued because it had too many unfixable security holes. Every few days there is another fix for the desktop version so people are giving up on installing it there too.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  3. #3
    New to the CF scene
    Join Date
    May 2016
    Location
    atlanta
    Posts
    9
    Thanks
    4
    Thanked 0 Times in 0 Posts
    which is more secure python or JAVA?

  4. #4
    New Coder
    Join Date
    May 2007
    Location
    SF, CA
    Posts
    64
    Thanks
    0
    Thanked 5 Times in 5 Posts
    I think you may need to adjust your thinking here. Your choice of development language does not guarantee security. You can just as easily write an insecure program in java or python. You need to look at different things when thinking about security. Is this web enabled? Do you worry about sql-injection? Do you need to give users different permissions or security roles? Are you validating input before you use it? If you google you should be able to find lots of resources on writing secure programs. And you will have different security concerns based on the type of application.

    semper fi...

  5. Users who have thanked javabits for this post:

    jessicacyrus1 (06-14-2016)

  6. #5
    Senior Coder deathshadow's Avatar
    Join Date
    Feb 2016
    Location
    Keene, NH
    Posts
    1,965
    Thanks
    2
    Thanked 288 Times in 278 Posts
    Quote Originally Posted by javabits View Post
    I think you may need to adjust your thinking here. Your choice of development language does not guarantee security.
    Well, not ENTIRELY true, but yeah you can through ingorance or ineptitude take even the most secure of languages and open up holes big enough to sail the big stick through.

    Generally compiled languages are more secure than interpreted or even PRETEND compiled like Java. They CALL it p-code, but that's a fancy way of saying interpreted. Still, memory leaks and exploits can abound in most any language unless that language from the start enforces security policies that would make most mainstream programmers shudder in horror for being "too restrictive".

    ADA for example was a great example of a language that was created to be "secure by design" -- the US Government dropping ADA as the only acceptable language for secure data processing and allowing C in the door is probably one of the DUMBEST moves in history. Ada is .... unique? It's so security oriented a language that people often joke that simply knowing it -- or even mentioning it -- lands you on a watch list! (Hi guys!)

    Pascal and Modula can often be more secure than C because, well... ever heard the joke about writing a program to shoot yourself in the foot, and how each language would go about it? C: "You shoot yourself in the foot", Pascal: "The compiler won't let you shoot yourself in the foot".

    Common errors and mistakes that C compliers and C Syntax (and therein all languages using C syntax) will just let fly right by as if nothing is wrong will bomb hard in Pascal before you even get past the compiler.

    There are lots of things that can make a language more secure; not allowing willy-nilly runtime includes, not allowing source based includes, using strict typecasting, length delimited instead of null terminated strings, etc, etc...

    Architecture on the hardware and OS side also has a deep-reaching impact. Take SQL when connected over sockets, that's a hole right there as you're putting normal disk read and data transfer on the networking stack. X11 implementations can be equally flawed... and of course you have web applications where even https is a joke, and we mostly just pretend the web can be secure, cross our fingers, and all pray that nothing bad happens today. Web security is in fact 100% BS because web technologies are by definition open. Take the "man in the middle" attack which is nearly impossible to prevent entirely, the BEST you can hope for is to narrow the window in which an attack can take place to so small, they have to hammer hard to get in.

    Certain languages, well... just won't let you do any of that... and that's what makes them more secure than others; sadly quite often the things you want to do are on the list of things you shouldn't if you care about security.

    As the old joke goes, the only secure system is one with zero access that doesn't do anything useful. From there it's just a matter of degree.
    I would rather have questions that can't be answered, than answers that can't be questioned.
    http://www.cutcodedown.com

  7. Users who have thanked deathshadow for this post:

    jessicacyrus1 (06-14-2016)

  8. #6
    New Coder
    Join Date
    Aug 2016
    Posts
    48
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There are many Programming languages and each programming language offer tools and extensions that can be used to keep the website secures like in PHP there are PHPID and Pixy tools used to test and implement security. PHP can also be used to create a secure application.

    For developing a secure application the first thing that matters is that how you implement the system and how you use the system to implement the interface of the end user. Developing a completely secure application is difficult but we can implement certain measures in the code to handle malicious threats. So, that we make it difficult for the hackers to hack an application.

  9. #7
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    9,249
    Thanks
    4
    Thanked 932 Times in 919 Posts
    Security holes in Java are constantly being patched. Whether that means that it has more security holes than other languages or it is simply easier or more advantageous to exploit Java security holes than holes in other languages is the real question.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  10. #8
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    9,249
    Thanks
    4
    Thanked 932 Times in 919 Posts
    Security by obscurity is NOT security at all.

    Java client side is so insecure that browsers no longer support it. On the server it is as secure as all server side languages typically are until the novice coder starts introducing their own security holes.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  11. #9
    New Coder
    Join Date
    Sep 2016
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Java, .Net and ASP are the most secure languages for software development.

  12. #10
    Senior Coder deathshadow's Avatar
    Join Date
    Feb 2016
    Location
    Keene, NH
    Posts
    1,965
    Thanks
    2
    Thanked 288 Times in 278 Posts
    Quote Originally Posted by Wenso Smith View Post
    Java, .Net and ASP are the most secure languages for software development.
    ... and upon what do you base that utter and complete nonsense? Would you care to elaborate and explain, or are you just spamming pointless one-sentence wonders upon us?
    I would rather have questions that can't be answered, than answers that can't be questioned.
    http://www.cutcodedown.com

  13. #11
    Administrator VIPStephan's Avatar
    Join Date
    Jan 2006
    Location
    Halle (Saale), Germany
    Posts
    10,702
    Thanks
    6
    Thanked 1,275 Times in 1,245 Posts
    I don’t expect anything useful to be added to this thread anymore. For some reason some threads draw poor quality posters like a pile of sh** draws flies. I’m gonna flush this pile down the drain.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •