But doesn't the use of Java's JNI invalidate any security the JVM offers? As far... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

akg on Jan 11, 2012 | parent | context | favorite | on: Web programs written in C++ are no big deal

But doesn't the use of Java's JNI invalidate any security the JVM offers? As far as I know, any protections the JVM puts up are invalidated once you inject native code, which would potentially enable an attacker to potentially inject malicious code that hijacks the JVM. Then again, one could argue that the JNI is no longer a "Java" program.

tptacek on Jan 11, 2012 [–]

Yes, when you write C code and attach it to JVM processes, that puts the JVM process at risk. More C code, more problems.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact