Saturday, July 27, 2002

Unsafe At Any Speed? C#'s relaxed security model may not be the best fit for your business

Excerpt by Al Williams, New Architect, August 2002

Another new-style language, Microsoft's C#, has a slightly different way of handling security—one that might appeal to you if you're an old-fashioned C programmer like me. Some analysts dismiss C# as Microsoft's attempt to replace Java out of spite for Sun. Certainly, Microsoft's reluctance to use Java must have played a major part in the decision to develop C#. Still, it's natural for new languages to imitate older languages to some extent. The real test isn't how much a language borrows; rather, it's how much it adds.

I've often said that Java by itself isn't such a spectacular language. Its main strength is its well-designed standard library. I've often thought that someone could clone the Java library for C++ and have a winning product. C# manages this to some extent, and it goes even further. It not only has libraries that compete with Java's, but it also imitates many Java language features.

One of the most interesting qualities of C# is the compromise it makes between the freewheeling style of C and the rigorous restrictions of Java. Sun could even learn something from Microsoft in this area.

When it comes to signing code, Microsoft's .Net uses a similar architecture to that of Java. The .Net Common Language Runtime (CLR) expands on the idea a bit by replacing the idea of a certificate with the concept of evidence. Evidence might be a certificate, or credentials established by some other authentication method. Based on the evidence provided by a piece of code, the system grants or denies rights.

C# differs sharply (pardon the pun) from Java in the amount of self-protection it affords programmers. C# derives much from C, and true to its heritage, it lets you use pointers and control memory management.

C#'s developers realized that while not including these capabilities might be acceptable in a perfect world, things aren't always so simple. If you have to interface your code with other programs, those programs (or their data structures) might require pointers, however error-prone they might be. Likewise, high-performance software might require pointers to squeeze out that last microsecond of performance.


Post a Comment

<< Home