The claim that Java is insecure is just a meme right? I know that sandbox is shit but that's that really needed for standalone applications.
The claim that Java is insecure is just a meme right...
Java in what sense?
Java web applets? Horribly insecure, that's why it's been abandoned for browser-based stuff.
Java as a language, used for client-side stuff? I don't see what's wrong with it.
Every now and then, I hear people talking about issues relating to Java serialization and deserialization. But that's about it. It has a ton of users and a lot of money behind it, and it still gets frequent updates. That's more than you can say for toy languages that are only used by people in academia. The built-in Oracle stuff is pretty good.
The only real issue is with bad code, like copying and pasting bad shit from Stack Overflow, or using 3rd party libraries which may or may not be secure and might not have a bug ticketing system or auditing/fixes.
And of course, nothing can fix a bad programmer. Off-by-one errors, misconfigurations, hardcoded passwords, insufficient randomness for RNG, unvalidated user input, etc.
I memed my mom once
It's a lot safer than C.
Definitely. C doesn't care if something is initialized or not. Pointers and memory management might give you e-cred with boomer programmers, but at the end of the day, when you leave memory safety up to the programmer, that's not good. It should have built-in security to make things easier. Rust, for example, is slightly better.
But just like how we don't code directly in assembly anymore, it doesn't make sense to use C or C++ anymore unless you REALLY need that extra performance, which many things don't.
Best part of Java is the JVM, not the language itself.
The JVM has its exploits, and so does the Java STL. That said, Zig Forums really is retarded about this stuff; some people here swear they won't install Java because it's insecure, but they don't realize that as long as you only run the programs you trust, there is absolutely nothing to fear. More or less like any program you run on your computer.
The picture in the OP is even funnier when you realise he was caught for using Freenet (a Java application)
The previous version (JRE 10) had 12 minor DoS exploits known. Compare that to the number and severity of exploits known for any version of Chrome or Firefox.
Security is a function of when those exploits become known, how good the company is about patching them quickly, and how good users are about keeping their software up to date. You can get owned pretty hard running any piece of software from 15 years ago.
There is no STL in Java. There is a built-in Collections API, and there are 3rd party replacement APIs which have had serialization exploits per
...