Part One: Security Configuration and Code Encapsulation
Security Configuration
Both platforms are configured through XML or plain-text files; the biggest difference between them is how the security configuration system is handled.
On the .NET platform, there are two ways to modify security configuration parameters: a graphical interface and the command line. Mscorcfg.msc is the graphical interface; Caspol.exe provides a command-line approach for batch processing or text-based configuration.
The Java platform provides only a graphical tool, Policytool.exe. Unlike .NET, the name and location of its target object (the configuration file) are not fixed.
.NET defines security profiles at different scopes: system-wide, local-machine, and user scope. When configurations conflict, the narrower-scope parameter takes precedence in principle.
The core configuration files for Java and Java EE are kept in a fixed location, but the extended configuration files vary from vendor to vendor.
Code Encapsulation: Verification
Both Java and .NET's Common Language Runtime (CLR) implement memory-safety or type-safety protection, and the safety of applications developed on these platforms can be verified. Their implementation mechanisms are very different.
In .NET, the CLR always executes compiled code; it does not interpret code. However, before intermediate language (IL) is compiled, the compiler performs validation and verification steps. The first step checks the structure and code integrity of the file; the second step includes extended checks such as memory safety, stack tracking, data-flow analysis, and type checking. At run time, the VES (Virtual Execution System) is responsible for security checks and error handling.
On the Java platform, the Java Virtual Machine (JVM) is responsible for loading, linking, verifying, and executing classes. For code that has been compiled and optimized, the JVM also uses two unconditional call stacks to preserve the original bytecode information.
Summary: Compared with .NET, the default setting for the JVM is not to verify local code. In addition, the JVM retains the original bytecode for run-time checking, while .NET combines static analysis with validation code inserted at run time.
Code Encapsulation: Application Isolation
In .NET, domain isolation is based on the memory-safety mechanism: different domains cannot directly access each other's address space and can reach each other only through the .NET remoting mechanism.
On the Java platform, application isolation is implemented through the combination of ClassLoaders and ProtectionDomains; secure class loading is the cornerstone of the JVM security mechanism.
Summary: .NET AppDomains are like operating-system processes; they are more direct and easier to use than Java ProtectionDomains.
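The Java side of this comparison can be seen in a short program, added here as an illustration and not taken from the original article: two instances of a hypothetical IsolatingLoader each define their own copy of a constructed Counter class, so the copies share no static state and each carries its own ProtectionDomain. The class names and the file:/constructed/... code-source URLs are assumptions made for the example.

```java
import java.io.InputStream;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class IsolationDemo {
    // Constructed sample class: every defining loader gets its own copy of `hits`.
    public static class Counter { public static int hits = 0; }
    // Hypothetical loader: defines Counter itself instead of delegating to its parent
    // and tags it with a ProtectionDomain built from a constructed code-source URL.
    static class IsolatingLoader extends ClassLoader {
        private final ProtectionDomain domain;
        IsolatingLoader(String origin) throws Exception {
            super(IsolationDemo.class.getClassLoader());
            CodeSource cs = new CodeSource(URI.create(origin).toURL(), (Certificate[]) null);
            domain = new ProtectionDomain(cs, new Permissions()); // empty permission set
        }
        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Counter.class.getName()))
                return super.loadClass(name, resolve); // normal parent delegation
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c != null) return c;
                String res = name.replace('.', '/') + ".class";
                try (InputStream in = getParent().getResourceAsStream(res)) {
                    if (in == null) throw new ClassNotFoundException(name);
                    byte[] b = in.readAllBytes();
                    return defineClass(name, b, 0, b.length, domain);
                } catch (java.io.IOException e) {
                    throw new ClassNotFoundException(name, e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Counter.class.getName();
        Class<?> a = new IsolatingLoader("file:/constructed/app-a/").loadClass(name);
        Class<?> b = new IsolatingLoader("file:/constructed/app-b/").loadClass(name);
        a.getField("hits").setInt(null, 42); // mutate static state in application A only
        System.out.println("same Class object: " + (a == b));
        System.out.println("hits seen by B: " + b.getField("hits").getInt(null));
        System.out.println("A domain: " + a.getProtectionDomain().getCodeSource().getLocation());
        System.out.println("B domain: " + b.getProtectionDomain().getCodeSource().getLocation());
    }
}
```

Unlike AppDomains, both copies still live in one heap and one address space; the separation comes entirely from class identity and the domain attached at definition time.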
Code Encapsulation: Language Features
The two platforms are basically the same; .NET is slightly better in flexibility.
Summary:
Java has more advantages in security configuration; .NET is better in code encapsulation, with its selectivity and ease of use.