Java is less secure than C++?
No it IS NOT! But that is what a hosting company is telling one of my clients.
A fairly well known ColdFusion hosting company (I'm not going to mention their name though I would like to;) refused to install one of our Java components on a server, and asked our customer if there was a dll instead of a jar file. I explained to our customer that "I find it quite odd that your host would rather install a dll than a jar since Java tends to be much safer than C++ applications with regard to memory allocation, and other things."
Their host responded: "Notice they only refer to java being better for resource usage. ... The issue we have with JAVA is the security. We have over 35,000 customers and we are a popular CF host and none of our customers use JAVA Tags."
I was even more surprised by their host's response. When I was talking about memory allocation, I was not talking about resource usage! I was talking about the programmer being able to manually create and free memory, and being forced to manage their own memory in a lot of cases. This is why many c/c++ programs have memory leaks! About the only way to create a memory leak in Java is to create new objects within an infinite loop, and retain their reference out side the loop.
Additionally they feel that Java is less secure than c/c++! As a hosting company they must have heard of buffer overflows! I would also expect many system admins to also understand what they are. Buffer overflows are not possible in java! How many security issues have you seen with Java? or applications written in Java? and how many buffer overflows, or memory leaks have you dealt with?
And to top it off this host does offer CFMX hosting, which is entirely written in... Java!
When it comes to C++ CFX tags in ColdFusion, VS Java CFX tags, I think you will find that Java CFX tags will perform better in general on CFMX. This is because there is no JNI layer required to invoke the procedures in the C++ DLL.
- What is the difference between ASCII Chr(10) and Chr(13)
- Fixinator and Foundeo Security Bundle
- Running CFML on AWS Lambda with FuseLess Slides
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token