Is Java Safe?
John LeJeune
ubuntu at jlejeune.com
Mon Oct 21 15:18:30 UTC 2013
> There has been a lot of talk that Java is not safe (can be attacked,
> virus, etc.) recently, and due to the nature of some of the security
> problems, will never be fixed. I was told to remove Java from Firefox
> (not Java Script). Libre Office uses Java as part of the Base section.
>
> What's the deal? Is Java going to be the 'back door' into Linux re:
> virus', attacks, etc.
>
> John
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
There are known vulnerabilities in the Java sandbox security that Oracle
is having lots of difficulties addressing. Since you need the JVM to run
applets in the browser, the recommendation has been to turn off Java in
the browser, so that you are not at risk from unsigned applets and other
mischief that may result from a web site trying to take advantage of your
browser running Java.
As far as Java on the server side, Java will be as secure as any other
development language dependent on the skill of the developer(s) writing
the server side code. There is no such thing as a bullet proof web
application, the attack vectors are numerous (i.e. sql injection, buffer
overflows, etc...) But developers following good practices have learned
to mitigate these types of attacks. This will be true whether you are in
the Java or .NET camp.
My 1 1/2 cents worth
John.
More information about the ubuntu-users
mailing list