How Security stays with Java references?

Java doesn't have pointer and has reference, then how reference are safe in term of security feature of Java?

What is the difference between Pointer and Referen开发者_运维知识库ce?

---

Security-wise none.

People criticize pointers because of the prevalence of buffer overflow vulnerabilities in applications written in those languages, but C and C++ are not prone to buffer overflows because they have pointers. They are vulnerable because they are not memory-safe. Cyclone is a language with pointers that is memory safe and which therefore does not suffer from buffer overflow vulnerabilities.

Java references are what let you deal with objects. They are not pointers, merely values that can be stored in multiple slots (object properties or local variables) that refer to a particular object.

Both java and languages with pointers suffer from certain common classes of security problems. Confused deputy vulnerabilities, and object invariants violated by poor concurrency controls are common examples.

Classes of applications tend to have specific security vulnerabilities and do not differ by language. Web servers, whether written in C or Java, tend to suffer from header splitting vulns, XSRF vulns, and the pages written in them, from XSS vulnerabilites.

---

java's reference can refer to only heap associated with that jvm. where pointer can point to any memory location.