Rick Welykochy wrote:
On Fri, 23 Jan 2004, Simon Males wrote:
Yeah Java is more secure, but boy does it love chewing you CPU and memory in the process... just to find out that your bank has invented another bank fee.
Can you explain to the list how a client-side application (Java) can be considered more secure that a server-side application (CGI) running on the web server? The former can theoretically rip into your machine and wreak havoc (and has done in the past) whereas the latter can do no such thing.
Given all the "sandbox escapades and escapes" that Java has suffered over the years, I would be hard to convince that Java is 100% safe on the client side.
cheers rickw
Indeed. I once had a mandatory "Java and the Internet" course rammed down my neck at University. After 6 months of writing REALLY shitty Java code (the assignments were vague and of questionable relevance - I actually averaged a HD in the assignments, it wasn't my code that made them crap) I came to the conclusion I would NEVER write Java code unless someone threatened to do unspeakable things to my unmentionables. Even then I'd consider the harsh treatment a better alternative.
Java sux. That's all there is to it. It's easy to write code for, it's got a really extensive code base of existing templates and classes, and it's easy for a large group of developers to collaborate with. But REAL code is written in a compiled language (C/C++ springs to mind) :P
I guess all languages have their place, but Java on an Internet banking site isn't one of them. Sandbox be damned - I don't want $BANK code running on my machine just coz they want it there! HTML+CGI over SSL with maybe a little JavaScript for layout, menus etc, but definitely NO JAVA.
--James
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
