Java is less secure than C++?
No it IS NOT! But that is what a hosting company is telling one of my clients.
A fairly well known ColdFusion hosting company (I'm not going to mention their name though I would like to;) refused to install one of our Java components on a server, and asked our customer if there was a dll instead of a jar file. I explained to our customer that "I find it quite odd that your host would rather install a dll than a jar since Java tends to be much safer than C++ applications with regard to memory allocation, and other things."
Their host responded: "Notice they only refer to java being better for resource usage. ... The issue we have with JAVA is the security. We have over 35,000 customers and we are a popular CF host and none of our customers use JAVA Tags."
I was even more surprised by their host's response. When I was talking about memory allocation, I was not talking about resource usage! I was talking about the programmer being able to manually create and free memory, and being forced to manage their own memory in a lot of cases. This is why many c/c++ programs have memory leaks! About the only way to create a memory leak in Java is to create new objects within an infinite loop, and retain their reference out side the loop.
Additionally they feel that Java is less secure than c/c++! As a hosting company they must have heard of buffer overflows! I would also expect many system admins to also understand what they are. Buffer overflows are not possible in java! How many security issues have you seen with Java? or applications written in Java? and how many buffer overflows, or memory leaks have you dealt with?
And to top it off this host does offer CFMX hosting, which is entirely written in... Java!
When it comes to C++ CFX tags in ColdFusion, VS Java CFX tags, I think you will find that Java CFX tags will perform better in general on CFMX. This is because there is no JNI layer required to invoke the procedures in the C++ DLL.
- Docker Container exited with code 137
- Why is my cron.daily script not running?
- Announcing FuseGuard Version 3
- CFSummit 2017
- Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
- Java 9 Security Enhancements
- Upcoming CFML Conferences in April 2017
- CFSummit 2016 Slides