Java Vs .

Net

Presented By,
Naveen Kumar Ratkal
Outline
CLR VS JVM
Java Byte Code and MSIL
Comparing the stacks
Major security vulnerabilities reported
Java Authentication and Authorization service (JAAS)
Class file and Cs file
Security features Comparison
Java or .Net
JVM vs. CLR
JVM designed for platform independence
Single language: Java (?)
A separate JVM for each OS & device
CLR designed for language independence
Multiple languages for development
C++, VB, C#, (J#)
APL, COBOL, Eiffel, Forth, Fortran, Haskel, SML, Mercury, Mondrian,
Oberon, Pascal, Perl, Python, RPG, Scheme, SmallScript, …
Impressive usage of formal methods and programming language research
during development
Underlying OS: Windows (?)
CLR vs JVM
VB Managed Lots of other
C# .Net C/C++ Languages Java

MSIL Byte Codes

CLR JRE (JVM)

Security Security
Runtime Services Runtime Services

Windows OS Mac Win Unix Linux

Both are ‘middle layers’ between an intermediate

language & the underlying OS
Java Byte Code and MSIL

Java byte code (or JVML) is the low-level language of the JVM.
MSIL (or CIL or IL) is the low-level language of the .NET Common
Language Runtime (CLR).
Superficially, the two languages look very similar.
JVML: MSIL:
iload 1 ldloc.1
iload 2 ldloc.2
iadd
istore 3 add
stloc.3
Comparing the stacks
…

…
Python

Eclipse Webshpere Studio BEA Weblogic

Struts
ASP.Net
Visual Studio.net

JSP
Servlets
Perl

Java
ADO.NET JDBC

Base Class Library J2EE Class Library

C#

CLR Java runtime

Win32 J2EE App Servers

C++

Websphere, Weblogic , Tomcat, etc.

MSMQ, COM+, IIS,

JMS Apache
WMI, AD, ADAM,
VB

Indexing, UDDI, etc. Win32, Unix, Linux

 Major security vulnerabilities reported

One of the buy CVE-2000-1061 - execute arbitrary commands via a malicious web
page or email
Java Authentication and
Authorization service (JAAS)

To verify that a user is a subject and granting the user certain

principals; "who you are."

The JAAS authentication component provides the ability to check

who is currently executing Java code, regardless of whether the
code is running as an application, an applet, a bean, or a servlet.
Class file and Cs file

With almost every form, we write a cs file which handles the

events.

.class files does same thing in Java’s web application which is

placed in the WEB-INF classes folder.
 Security features Comparison

Cryptography Good .Net Good Java

Heavily relies on windowsAll providers are to be

signed by the CA,
Architecture dedicated to
the US law
 Cntd..

Secure Communication Fair .Net Very Good Java

Platform No support besides IIS, some JSSE as a standard
samples available component of
JDK

Web Services Up to date support of WSA Only supported by external

vendors
 Choosing between Java and .Net

The ultimate choice usually depends not on technical superiority, but

on:

cultural/”religious”/political preferences
Skill set of your developers
Customer preference
Vendor relations
 References

Websites :
http://vsbabu.org/mt/archives/2003/09/05/slashdot_java_vs_net.html
http://www.cgisecurity.com/lib/J2EEandDotNetsecurityByGerMulcahy.pd
http://diuf.unifr.ch/softeng/seminars/SE2003/buchmann/htmlpaper/in
dex.html

Book :
Java Security - By oaks