Rick Welykochy was once rumoured to have said:
> On Fri, 23 Jan 2004, Simon Males wrote:
>
> > Yeah Java is more secure, but boy does it love chewing your CPU and
> > memory in the process... just to find out that your bank has invented
> > another bank fee.
>
> Can you explain to the list how a client-side application (Java)
> can be considered more secure than a server-side application (CGI)
> running on the web server? The former can theoretically rip into your
> machine and wreak havoc (and has done in the past) whereas the latter
> can do no such thing.

There is no inherent security loss by using Java CORRECTLY. In fact, there is a gain by using Java in this application because you aren't relying on the web browser to do the right thing with history/cache records (there are quite a few that don't).

The right way to use Java in this example is as a pure thin-client, with all validation and processing on the server - that way the Java bit itself is nothing more than an application shell to the server.

And I think you'll find this is exactly how any online banking implementation that requires Java works.

CBA Netbank only uses Java for their banner adverts. The main part of netbank is server-side scripted web pages.

As for those who are speaking out against Java, if you seriously think that C is a better alternative for writing reliable/robust applications, I suggest you toddle off and have your head examined. Part of Java's charm is that it is harder to write code with trivial bugs that can result in larger problems.

If you want a language that is closer to metal in the same category, then look at Ada95. Although, if you hate Java, you'll probably hate Ada95 just as much.

C.
--
--==============================================--
  Crossfire         | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
