Would you like a slice of FUD with your Java?
From time to time I've been accused of being too hard on Microsoft, with my
constant harping on their FUD in various contexts (other people say I'm too easy
on them, so I guess it all balances out). But I try to be an equal opportunity
FUD-spotter. This morning it's James Gosling, the father of Java, who's on my
mind. Gosling rcently claimed
that Microsoft "has left open a security hole large enough to drive many, many
large trucks through" in .NET. His further comments made it clear that he's
referring to the ability to use C++ or C# to perform unsafe operations, such as
pointer operations, with the proper syntax.
Here's the deal: in C# you can use the
unsafe keyword to create
managed, but unverifiable, code. That is, code which is still running inside the
CLR, but that doesn't necessarily stick to the normal C# rules of type-safety.
Java doesn't have a direct equivalent. So, essentially, C# gives you more power,
and more risk, in this scenario.
Now, I know in our litigious society it's fashionable to run in circles and
scream and shout about anything that could hurt the poor consumer. But calling
the existence of unsafe code a gaping security hole is roughly equivalent to
saying that my chainsaw should have come with a warning label reading "WARNING:
This device presents an unacceptable security risk for many dwellings, because
it can be used to cut holes in your walls through which burglars can gain
On the other hand, my chainsaw did come with an extensive manual full of
operating procedures and warnings. And, sure enough, if you actually take the
time to read the C# documentation, you'll find plenty of discussion of why
unsafe code isn't part of the core of C#, when you might need it, and what
happens when you use it (for instance, the CLR won't execute unsafe code in
untrusted contexts; no running unsafe code directly from the Internet!). Unsafe
code is a dangerous tool, to be sure, but it's just a tool.
Face it, no programming environment (except perhaps such educational toys as
Logo) is free of all possible security issues. That's because as soon as you
start handing out even moderately powerful features, developers find ways to use
them that are wonderfully insecure. Java applications are just as vulnerable as
.NET ones to canonicalization errors, SQL injection, reading untrusted data, and
so on. As with an automobile, the most dangerous part is always the nut behind
Personally, I don't find that flinging accusations back and forth between the
Java and .NET worlds is really a productive things to do. It's nice that Sun and
Microsoft are fierce competitors in this arena; it makes both languages evolve
to better support the needs of developers. But there are plenty of developers
out in the real world who use both, and the FUD gets tiresome when it pops up.
Here's to the continued success of both Java and .NET - and to the continued
security education of developers.
Mike Gunderloy has been developing software for a quarter-century now, and writing about it for nearly as long. He walked away from a .NET development career in 2006 and has been a happy Rails user ever since. Mike blogs at A Fresh Cup.