[Java's father] .NET's huge security vulnerability
Renai Lemay, ZDNet Australia, February 04, 2005
URL: http://www.zdnet.com.au/news/security/0,2000061744,39179932,00.htm
Translation: yqj2065
Java's creator James Gosling said this week that Microsoft's decision to support C and C++ in .NET's Common Language Runtime was "the biggest, most absurd decision they could make".
Earlier this week, Gosling, CTO of Sun's Developer Products Group, made the above comments at a developer event in Sydney. He further commented that by incorporating these two languages into its software development platform, Microsoft had left a security hole "large enough to drive many big trucks through". [Good too much]
According to Gosling, this security vulnerability stems from the fact that several features of the earlier languages conflict with security: "C allows you to make casts, add images and pointers, and convert between pointers in a very unstructured manner."
"If you look at the Java security model and reliability model, and a lot of things in exception handling, they really depend on the integrity of object properties. So if someone gives you an object and says 'this is an image', then it is an image; it is impossible to cast a pointer to a stream into an image," Gosling said.

Microsoft developer evangelist Charles Sterling completely disagreed with Gosling's comments and tried to clarify the issue of .NET security. Sterling pointed out that .NET defines different types of code: "managed" code is code that executes under the control of the .NET framework. Newer languages such as C# and Visual Basic .NET generate only managed code.
However, Gosling was referring to the "unsafe" code generated by traditional languages such as C and C++. Unsafe code is older code that does not strictly follow the type-safety rules defined by .NET, and it requires additional permissions to execute. According to Sterling: "You as a developer take it upon yourself" to utilise unsafe code in your .NET applications.
An important point is that, because some languages can use machine-specific capabilities, so-called unsafe code has the potential to run faster than "managed" code, though that speed may come at the platform's expense. Sterling agreed, saying the choice is entirely a trade-off between the two: if a developer is willing to "accept this unsafe code", he can achieve "the best-performing system on this planet".
When asked for his own impression of whether .NET developers actually run C or C++ code on the .NET platform, Sterling offered a reality check. Of the roughly 1000 developers Sterling knows, he could think of only one who develops directly in C code. Whether this indicates that developers are unwilling to use unsafe code is not clear.