Java Vs Dot Net

1
Java Vs Dot Net
Presented By, Naveen Kumar Ratkal
2
Outline

• CLR VS JVM
• Java Byte Code and MSIL
• Comparing the stacks
• Major security vulnerabilities reported
• Java Authentication and Authorization service
  (JAAS)
• Class file and Cs file
• Security features Comparison
• Java or .Net

3
JVM vs. CLR

• JVM designed for platform independence
• Single language Java (?)
• A separate JVM for each OS device
• CLR designed for language independence
• Multiple languages for development
• C, VB, C, (J)
• APL, COBOL, Eiffel, Forth, Fortran, Haskel, SML,
  Mercury, Mondrian, Oberon, Pascal, Perl, Python,
  RPG, Scheme, SmallScript,
• Impressive usage of formal methods and
  programming language research during development
• Underlying OS Windows (?)

4
CLR vs JVM
C
Managed C/C
Lots of other Languages
VB .Net
Java
MSIL
Byte Codes
CLR Security Runtime Services
JRE (JVM) Security Runtime Services
Windows OS
Mac
Unix
Linux
Win
Both are middle layers between an intermediate
language the underlying OS
5
Java Byte Code and MSIL

• Java byte code (or JVML) is the low-level
  language of the JVM.
• MSIL (or CIL or IL) is the low-level language of
  the .NET Common Language Runtime (CLR).
• Superficially, the two languages look very
  similar.

• MSIL
• ldloc.1
• ldloc.2
• add stloc.3

JVML iload 1 iload 2 iadd istore 3
6
Comparing the stacks
Struts
ASP.Net
JSP
Servlets
Visual Studio.net
Java
JDBC
ADO.NET
J2EE Class Library
Base Class Library
Java runtime
CLR
J2EE App Servers Websphere, Weblogic , Tomcat,
etc.
JMS
Apache
Win32, Unix, Linux
7
Major security vulnerabilities reported
One of the buy CVE-2000-1061 - execute arbitrary
commands via a malicious web page or email
8
Java Authentication and Authorization service
(JAAS)

• To verify that a user is a subject and granting
  the user certain principals "who you are."
• The JAAS authentication component provides the
  ability to check who is currently executing Java
  code, regardless of whether the code is running
  as an application, an applet, a bean, or a
  servlet.

9
Class file and Cs file

• With almost every form we write a cs file which
  handles the events.
• dot class files does same thing in javas web
  application which is placed in the WEB-INF
  classes folder.

10
Security features Comparison
Cryptography Good .Net Good Java
Heavily relies on windows All providers are to be signed by the CA, Arch dedicated to the US law
11
Cntd..
Secure Communication Fair .Net Very Good Java
Platform No support besides IIS, some samples available JSSE as a standard component of JDK
Web Services Up to date support of WSA Only supported by external vendors
12
Choosing between Java and .Net

• The ultimate choice usually depends not on
  technical superiority, but on
• cultural/religious/political preferences
• Skill set of your developers
• Customer preference
• Vendor relations

13
References

• Websites
• http//vsbabu.org/mt/archives/2003/09/05/slashdot_
  java_vs_net.html
• http//www.cgisecurity.com/lib/J2EEandDotNetsecuri
  tyByGerMulcahy.pdf
• http//diuf.unifr.ch/softeng/seminars/SE2003/buchm
  ann/htmlpaper/index.html
• Book
• Java Security - By oaks