Chapter 3. Java and JavaScript
Java and JavaScript are both languages for adding interactivity to web pages. Both languages can be run on either a web browser or a web server (or even stand-alone). Both languages have a syntax that resembles the C++ language.
Despite these apparent similarities, Java and JavaScript are actually two completely different languages with different semantics, different user communities, and different security implications. This chapter explores the security issues in each language.
Java
Although today Java is widely thought of as a language for writing programs that are downloaded over the Internet to web browsers, it wasn’t designed for that purpose. Indeed, Java’s security model was largely added as an afterthought. To understand the security issues with Java today, it’s important to understand the history of the language.
Java’s history started in 1991 when a group of engineers at Sun Microsystems were hard at work on a stealth project designed to catapult Sun into the world of consumer electronics. Sun envisioned a future in which toasters, remote control systems, stereos, and cable decoder boxes were all programmed using a common computer language with programs that could be easily downloaded over a network. The stealth project was designed to leverage Sun’s experience with computer languages, system design, and silicon manufacturing to turn the company into a major supplier for this new world order.
The key to dominating this new world was a new ...
Get Web Security and Commerce now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
