Java4Programmers.com


Javascript Is Not Java

 

One of the most vexing problems in helping users, engineers and systems administrators stay on the road to better security is a basic problem of semantics and a proper definition of terms. Nowhere is this better demonstrated than in the continuing confusion over JavaScript and Java.

JavaScript has been the guilty culprit in a host of browser security problems recently, giving malicious Web site operators the ability to trick a browser into deleting files, and opportunities to steal passwords and credit card numbers, as well as many other dirty deeds.

Java, while not completely bulletproof, has had only a fraction of the security incidents that have been attributed to JavaScript. But does anyone know the difference? Repeat after me: JavaScript is not Java, JavaScript is not Java. . .

Java, of course, is an object-oriented language developed by Sun. The language was originally developed to be small and portable, with set-top boxes and handheld devices as the original targeted platforms. It is similar in constructs to C++; however, its compilation into machine-independent bytecode rather than native machine code gave rise to its promise of write-once, run-anywhere status. The language predated the Web, but it soon became apparent that its portability virtues made it well suited for the Internet.

JavaScript is a scripting language developed by Netscape. Its original name was LiveScript, and its name was changed to JavaScript in December of 1995 to capitalize on the "everything is Java" craze. Technically, Netscape now calls it ECMAScript, and Microsoft calls it JScript, but it gained critical mass under the moniker of JavaScript.

The work of both of these companies has been incorporated into the official standard, ECMA-262 ECMAScript Language Specification. The purpose behind JavaScript is to add some dynamic capabilities to HTML, such as verifying form information before it is transmitted, creating an interactive questionnaire, or playing a sound file in response to a user action; all without requiring server-based processing.

Although in many respects JavaScript is syntactically similar to Java, it lacks Java's sandboxing, static typing and strong type checking. By not following all of the strict rules a language like Java enforces, JavaScript is a simpler programming language for the masses but also contains more capabilities for a malicious programmer to step outside of its boundaries and do damage to an end user. JavaScript is implemented directly within HTML, like a macro within Microsoft Word, whereas Java is a standalone programming language.

Java applets are compiled into byte code format and are executed by the Java Virtual Machine, which can exist inside the browser context, or can be completely separate. Java applets are linked from within HTML pages, much like you would link to a gif. The Java Virtual Machine enforces security for the applet, preventing direct access to the native file system, for example. On the other hand, JavaScript code is embedded within the HTML page with its own special tags. JavaScript is executed by the JavaScript Interpreter within the browser, and rather than executing strictly within its own environment, it can be manipulated to invoke a wide variety of resources, such as making operating system calls and starting Java applets. Indeed it is often used as a front-end interface for organizing and reusing Java applets within HTML documents.

The sandbox for Java is well defined: an applet can only communicate with the original server it was downloaded from. The protection parameters for JavaScript are less well defined, and security issues are being patched on a regular basis.

Several sample scripts have been developed by browser bug hunter Georgi Guninski that demonstrate some of the problems with malicious JavaScript applications. These JavaScript applications read local files and perform a variety of nonharmful actions to demonstrate the risks. In reviewing the scripts, it is evident that they could have been very easily modified to look for sensitive local data and send it in stealth to a Web server.

Over time, JavaScript has become widely used because of the development push it has received from Netscape and Microsoft. While it is rare to absolutely need Java support in order to run mission critical Internet applications, many Web sites use JavaScript so extensively that it is virtually impossible to use these sites without it. (Indeed, SecurityPortal.com uses a JavaScript application for our menu, although a perfectly functional HTML menu is available to those without JavaScript support.) So it is a Catch-22 for users: disabling JavaScript reduces security risks, but many sites become inoperable without it. As Ron Moritz, CTO of Finjan Software, says:

"JavaScript .. introduces security problems. Most JavaScript security violations require only minor user interaction, such as a mouse click, to activate the malicious code. By simply creating a pop-up window that asks the user to click "OK" to continue, JavaScript attack code can be executed. Based on the risks associated with known JavaScript security violations, many have advocated turning JavaScript off.

"Today, blocking JavaScript is less common. One reason is that corporate users find it necessary to run JavaScript to enable required services. Consider an application that enables browsers to be used as clients of legacy systems through custom Web pages that link to various host applications. To improve services to users the application relies on JavaScript to automate tasks such as logon sequences and menu navigation. In the travel industry, several sites have emerged that deliver services only when JavaScript is enabled. There is little doubt that blocking JavaScript or other scripting languages will not be an option for long."

This is not to say that Java is free from security issues. An applet from an untrusted Web site could easily act as a Trojan Horse, presenting a fake logon screen to capture passwords and sending this information back to the untrusted server. Well-conceived social engineering can deceive users in any number of ways; however, there is not as great an inherent risk to the local computer and private data files from Java as there is from JavaScript.

The solutions to the security issues that accompany active content technologies such as JavaScript are not easy to come by. Digitally signed applets do not offer genuine protection against malicious code. What is needed is software that attempts to enforce stricter sandboxing on JavaScript applications, blocking access to local system files or other resources according to policy. It may also come down to the need to "dumb down" JavaScript and cut down on some of the functionality of the language in order to restore some sanity to the balance of security.

