There might be a workaround: NOT installing any Java and just placing the
JRE inside the ACS folder. ACS will pick it up and it won't place any
system-wide values pointing to the JRE.
It might be against the spirit of using tested software, but it might also
be palatable for the IT guys. You don't actually want JAVA available for
intruders to use, you just need it to run your applications.


On Fri, 7 May 2021 at 08:35, Andrew Lopez (SXS US) <
Andrew.Lopez@xxxxxxxxxxxxxxxxxx> wrote:

I think it's important to understand *why* you are being asked to
uninstall "Java". And I put "Java" in quotes because that word actually
means a lot of things, *including* OpenJDK and Corretto. That is, OpenJDK
***IS*** Java, and Amazon Corretto ***IS*** Java also.

I was using "Java" as the trade name.

You are correct in that the reason is the licensing expense. The
worldwide business has been negotiating a license agreement for the latest
version. Using older versions is not an option. We are large enough that
we experience 0-day exploit attempts and spear-phishing on a regular
basis. Running older versions of anything is not an option for the
security folks. Running the latest version of Oracle's Java ("Java" as far
as I am concerned, since both OpenJDK and Corretto run under different
names) is now no longer an option.

Further difficulties arise because all software used has to be approved by
the same security folks mentioned above. In their place, I would make the
same decision. I don't think anyone on this list would be surprised at the
amount of Internet Explorer toolbars, sketchy "optimization" programs,
games, and frivolous garbage that can get installed on business computers
when everyone is allowed to load what they want. Vigilance is the eternal
price for security.

At the moment, Corretto is approved and OpenJDK is not. They also want us
running the latest version of Client Solutions (on 1.1.8.7 now).
_____________________________________________________________________
Spirax-Sarco Engineering Plc. This e-mail has been scanned for viruses by
Cisco Cloud Email Security.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.