Sunday, January 05, 2014

Why isn't Java more secure; a decade ago, it was "all the rage"

The security risks associated with Java as a programming language on the Web remain perplexing.

When I worked for ING-ReliaStar, I took a one-week course in Java at a training center on I-94 west of Minneapolis in February 1999.  The company was already planning to use Java for the data access layer supporting its GUI interface, all the data replicated daily to a Unix mid-tier from the IBM mainframe legacy systems.

The company used PowerBuilder for the in-house GUI for its Customer Service Workbench (GUI).  Indeed, during the recession in 2002 (after 9/11 and the dot-com collapse) the job market in PowerBuilder was better than it was in Java.

For Policy Access for external customers (online) I don't recall whether it used Java or not, but there were few support problems in that area.

It sounds like a mystery why the Java Virtual Machine hasn't been made more secure.

Commentators say that Java was touted as a way to improve consumer interactivity, but it has been supplanted by Flash and by enhanced JavaScript, an unrelated scripting language.
The idea that home users should disable Java has been promoted since the recent Yahoo! breach was reported.
