Upload
tanisha-warner
View
29
Download
4
Embed Size (px)
DESCRIPTION
Java Vs Dot Net. Presented By, Naveen Kumar Ratkal. Outline. CLR VS JVM Java Byte Code and MSIL Comparing the stacks Major security vulnerabilities reported Java Authentication and Authorization service (JAAS) Class file and Cs file Security features Comparison Java or .Net. - PowerPoint PPT Presentation
Citation preview
Java Vs Dot Net
Presented By,
Naveen Kumar Ratkal
Outline
CLR VS JVM
Java Byte Code and MSIL
Comparing the stacks
Major security vulnerabilities reported
Java Authentication and Authorization service (JAAS)
Class file and Cs file
Security features Comparison
Java or .Net
JVM vs. CLR
JVM designed for platform independenceSingle language: Java (?)
A separate JVM for each OS & device
CLR designed for language independenceMultiple languages for development
C++, VB, C#, (J#)
APL, COBOL, Eiffel, Forth, Fortran, Haskel, SML, Mercury, Mondrian, Oberon, Pascal, Perl, Python, RPG, Scheme, SmallScript, …
Impressive usage of formal methods and programming language research during development
Underlying OS: Windows (?)
CLR vs JVM
C# ManagedC/C++
Lots of otherLanguages
VB.Net
CLRSecurity
Runtime Services
MSIL
Windows OS
Java
JRE (JVM)Security
Runtime Services
Byte Codes
Mac Unix LinuxWin
Both are ‘middle layers’ between an intermediate language & the underlying OS
Java Byte Code and MSIL
Java byte code (or JVML) is the low-level language of the JVM.
MSIL (or CIL or IL) is the low-level language of the .NET Common Language Runtime (CLR).
Superficially, the two languages look very similar.
JVML:iload 1iload 2iaddistore 3
MSIL:ldloc.1ldloc.2addstloc.3
VB
C+
+C
#P
erl
Pyth
on
…
Vis
ual S
tud
io.n
et
Win32
MSMQ, COM+, IIS, WMI, AD, ADAM, Indexing, UDDI, etc.
CLRCLR
Base Class LibraryBase Class Library
ADO.NETADO.NET
ASP.NetASP.Net
Win32, Unix, Linux
JMS Apache
J2EE App Servers Websphere, Weblogic , Tomcat, etc.
Java runtimeJava runtime
J2EE Class LibraryJ2EE Class Library
Comparing the stacks
JDBCJDBC
Servlets Servlets
JSP JSP
StrutsStruts
BEA
Web
log
ic
Web
sh
pere
Stu
dio
Eclip
se
…
Java
Major security vulnerabilities reported
One of the buy CVE-2000-1061 - execute arbitrary commands via a malicious web page or email
Java Authentication and Authorization service (JAAS)
To verify that a user is a subject and granting the user certain principals; "who you are."
The JAAS authentication component provides the ability to check who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet.
Class file and Cs file
With almost every form we write a cs file which handles the events.
dot class files does same thing in java’s web application which is placed in the WEB-INF classes folder.
Security features Comparison
Cryptography Good .Net Good Java
Heavily relies on windows
All providers are to be signed by the CA, Arch dedicated to the US law
Secure Communication Fair .Net Very Good Java
Platform No support besides IIS, some
samples available
JSSE as a standard component of
JDK
Web Services Up to date support of WSA Only supported by external
vendors
Cntd..
Choosing between Java and .Net
The ultimate choice usually depends not on technical superiority, but on:
cultural/”religious”/political preferences
Skill set of your developers
Customer preference
Vendor relations
References
Websites :http://vsbabu.org/mt/archives/2003/09/05/slashdot_java_vs_net.htmlhttp://www.cgisecurity.com/lib/J2EEandDotNetsecurityByGerMulcahy.pdfhttp://diuf.unifr.ch/softeng/seminars/SE2003/buchmann/htmlpaper/
index.html
Book :Java Security - By oaks