Java vs. .NET Security, Part 3
Subject:   What is it that ".NET lacks completely"?
Date:   2004-07-09 23:12:47
From:   rayburns
Huh? The following comment on page 3 makes no sense to me and I think it may be based on a misunderstanding:

"Java defines very flexible approach to adding and overriding default policies -- something that .NET lacks completely."

This conclusion doesn't seem to have anything to do with the preceding material on the page. That page gives four different ways to override default security in Java, all of which are present in NET Framework as well. Did anyone understand what the author is claiming NET Framework lacks? Here are the things he mentions earlier on the page:

1. He mentions passing arguments on the command line. Command line parameters are generally passed in from scripts (Windows programmers, think ".bat" files). The NET Framework equivalent of editing the java startup script is to edit the App.config file, which gives the execution parameters for a given application. If passing security settings directly from the command line is actually desired (but why?), it is only a few lines of code to copy the parameters into a new App.config file and use it.

2. He explains how an arbitrary number of policy files may be loaded and merged in Java. The same is true in .NET, and is used by default for web.config files. In fact, this also allows you to define your own hierarchy of configurations with overiding rules, etc.

3. He describes the "grant" statement syntax. The functionality of Java's "grant" syntax is a subset of the functionality of the XML used in NET Framework, which can accept arbitrary serialized objects.

4. He talks about files being granted different security based on location. This works the same way in NET Framework, though it is not preconfigured by default, since there is a better way available.

Can anyone explain what the author was referring to? It seems that in this area .NET has all the functionality of Java and a whole lot more. Perhaps he was thinking of some other functionality he didn't mention.

Ray Burns

1 to 1 of 1
1 to 1 of 1