Gosling cites huge security hole in .Net

Renai LeMay of ZDNet Australia reports on the latest comments regarding Microsoft from Java father and Sun developer products CTO James Gosling. After calling Sun's technical agreement with Microsoft less and less meaningful, Gosling called Microsoft's support of C and C++ in the common language runtime (CLR) in .Net one of the "biggest and most offensive mistakes that they could have made," which opens a security hole "large enough to drive many, many large trucks through." There are some nuances to his criticism in that it applies to old code that doesn't follow rules that .NET defines. In any case, "unsafe" code presents a palpable risk...

Topic: Software Development

Talkback

2 comments
  • What about JNI?!?

    Did he forget about JNI? Java supports calling unsecure C/C++ code too. If it was such a big mistake to support C/C++ code, why does Sun support it in Java?
    t_mohajir
    • programmers can write extensions to Java through JNI, but

      If you use Java alone, you know it will be safe.
      There are only limited times you're going to use
      JNI.

      One major point of Java is that when you write
      stuff in it, you are prevented from doing direct
      memory access. Bearing in mind most programmers
      are provably not very good at managing memory,
      this is a good thing that Java does.

      In .NET you can write managed code or unmanaged
      code, and therefore you don't have the automatic
      protection that Java offers. In that way, .NET is
      like C/C++, and Java is a new generation.

      As you know, JNI is not a way to selectively
      embed bits of C++/C code in your Java code.
      Say you had a legacy client server software
      written in C++, and you wanted to access
      functions in that API from Java. That is what
      you'd use JNI for.
      Of course, you should rewrite all your software
      in Java over time of course.
      Progressively as your codebase gets to be more
      and more Java, your memory protection issues will
      disappear. I don't have to explain progressive
      now do I?
      hipparchus2001