>
> In principle, if ACS can use a "network copy" of the JVM, what's to
> stop other applications from using *that same copy*? It sounds a bit
> like security through obscurity to me. I get that this may be enough
> for some purposes, especially if you're just concerned about
> *accidental* Java use. But if the company policy is to lock down all
> the workstations to actively prevent Java from being run on them, this
> doesn't sound like it accomplishes that.
Well yes that's true. But if the workstation is sufficiently locked down
so that the user cannot open applications 'With program x' which would
seem appropriate, then there is no way for them to get the their java
application to utilize that JRE sitting the ACS directory.
Also there will be no association in Windows such that java apps will
run with that JRE by default so that's also off the table.
I'm no windows security expert by any stretch but I believe it is
possible to set the policies to deny opening files with 'random
application selected by the user'. If you think about it that would be
one of the very first things to block such that user can't open
spreadsheet with file sharing application for example and other such
things. Install applications and associate only the files the users
require access to to those applications.
- Larry "DrFranken" Bolhuis
www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.
Please understand that I am not trying to argue against *you*. If
there's anything I'm against in this thread, it's the anti-Java
policy. I think that idea is rather misguided.
John Y.
As an Amazon Associate we earn from qualifying purchases.