>
> In principle, if ACS can use a "network copy" of the JVM, what's to
> stop other applications from using *that same copy*? It sounds a bit
> like security through obscurity to me. I get that this may be enough
> for some purposes, especially if you're just concerned about
> *accidental* Java use. But if the company policy is to lock down all
> the workstations to actively prevent Java from being run on them, this
> doesn't sound like it accomplishes that.

Well yes that's true. But if the workstation is sufficiently locked down so that the user cannot open applications 'With program x' which would seem appropriate, then there is no way for them to get the their java application to utilize that JRE sitting the ACS directory.

Also there will be no association in Windows such that java apps will run with that JRE by default so that's also off the table.

I'm no windows security expert by any stretch but I believe it is possible to set the policies to deny opening files with 'random application selected by the user'. If you think about it that would be one of the very first things to block such that user can't open spreadsheet with file sharing application for example and other such things. Install applications and associate only the files the users require access to to those applications.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.


Please understand that I am not trying to argue against *you*. If
there's anything I'm against in this thread, it's the anti-Java
policy. I think that idea is rather misguided.

John Y.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.