Java Reference
In-Depth Information
Can other languages run on the JVM?
Yes. The JVM can run any valid class file, so this means that non-Java languages can
run on the JVM in one of two ways. Firstly, they could have a source code compiler
(similar to javac) that produces class files, which would run on the JVM just like
Java code (this is the approach taken by languages like Scala).
Alternatively, a non-Java language could implement an interpreter and runtime in
Java, and then interpret the source form of their language. This second option is the
approach taken by languages like JRuby (but JRuby has a very sophisticated runtime
that is capable of “secondary JIT compilation” in some circumstances).
n
Java Security
Java has been designed from the ground up with security in mind; this gives it a
great advantage over many other existing systems and platforms. The Java security
architecture was designed by security experts and has been studied and probed by
many other security experts since the inception of the platform. The consensus is
that the architecture itself is strong and robust, without any security holes in the
design (at least none that have been discovered yet).
Fundamental to the design of the security model is that bytecode is heavily restric‐
ted in what it can express—there is no way, for example, to directly address mem‐
ory. This cuts out entire classes of security problems that have plagued languages
like C and C++. Furthermore, the VM goes through a process known as
bytecode
veriication
whenever it loads an untrusted class, which removes a further large class
of problems (see
Chapter 10
for more about bytecode verification).
Despite all this, however, no system can guarantee 100% security, and Java is no
exception.
While the design is still theoretically robust, the implementation of the security
architecture is another matter, and there is a long history of security flaws being
found and patched in particular implementations of Java.
In particular, the release of Java 8 was delayed, at least partly, due to the discovery of
a number of security problems that required considerable effort to fix.
In all likelihood, security flaws will continue to be discovered (and patched) in Java
VM implementations.
However, it is also worth noting that the majority of Java's recent security issues have
been closely linked to Java as a desktop technology. For practical server-side coding,
Java remains perhaps the most secure general-purpose platform currently available.
Comparing Java to Other Languages
In this section, we'll briefly highlight some differences between the Java platform
and other programming environments you may be familiar with.
