Browse DevX
Sign up for e-mail newsletters from DevX


Software Engineers Put .NET and Enterprise Java Security to the Test  : Page 2

Software engineers from Foliage Software Systems conducted the first comprehensive comparative analysis of the security tradeoffs in the two major enterprise computing platforms. They talked with DevX earlier this week to tell us the risks and rewards of trusting your applications to enterprise Java and .NET.




Building the Right Environment to Support AI, Machine Learning and Deep Learning

The Software Engineers' Picks  
Category Java or .NET Comments
Code Containment and Execution .NET App domains are less permeable.
Code and Data Protection TIE Java's more flexible; .NET offers Windows features.
Secure Communication JAVA Java is the "hands down" winner here.
Code-based Access Control .NET .NET seems to have learned a lot from Java security.
Role-based Access Control and User Authentication JAVA JAAS is better than what's available on .NET.
Auditing and Tracking TIE Neither offers much support; both are weak in this sense.

Boiled Down to Basics
Both platforms provide sound designs and deliver similar functionality, including their allowance for plug-in components, but they have inherent differences due to their vendor/OS bindings. .NET binds tightly to the Windows platform for many of its security services, while the Java platform is specification-based and platform independent. Of course, any sizable project using Java or J2EE products will invoke vendor-specific functionality, but Java's ability to be customized generally translates into better flexibility. At the same time, .NET is stronger out of the box in many aspects because it offers Windows security features by default.

A significant drawback for of Java is having many bodies participating in its design process, which leads to an inefficient, piecemeal evolution of specifications. Java specifications end up needing custom features before they're of any use. .NET's security is more streamlined and cohesive by comparison because its design and implementation are centralized. And unlike past Microsoft platforms, .NET shows evidence of having been designed with security demands in mind.

As the more mature technology, Java does offer more stability. Various enterprise Java products have been deployed, tested, and verified for years on multiple platforms by developers and users all over the world. Conversely, .NET just came into the world after about a year of extensive beta testing. Only now, after full release, will its architecture really be subjected to true field tests by the programming community at large, which inevitably will lead to the discovery of security design flaws and programming bugs.

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date