[libreoffice-users] Re: JRE older installs - Windows - now online- no need for Oracle account

"David H. Lipman" <DLipman -AT- Verizon.Net>
Thu, 1 Sep 2011 14:08:49 -0400

From: "Tom Davies" <tomdavies04@yahoo.co.uk>

Hi :)
Yes, those are the crucial points.
1.  It's mostly only Base that is affected by which version of java you are
using.  If you don't use Base you might even be able to stop LibreOffice from
trying to use java at all!
Tools - Options - LibreOffice - Java
and un-tick the tick-box at the top.  If you can do that then you might find
LibreOffice opens significantly faster.


2.  You can have more than one version of java on your machine.  Most apps will
try to use the newest version but you can force LibreOffice to choose one that
works better for LibreOffice
Tools - Options - LibreOffice - Java
So your web-browser can be nice and safe.

3.  I think the exploits would only work if contained inside a document that you
opened using LibreOffice?  ie after various anti-virus programs had nosed
around.


4.  Dependence on java is being slowly written out of LibreOffice to avoid this
problem in the future although it's probably going to take a long time to remove
it from Base completely!  I think  people are being steered away from Base
back-ends that might depend on java.


Regards from
Tom :)


In reference to #3, that is a faux conclusion.

JRE is installed into the OS and LO takes advantage of it in contrast to an application 
that includes JRE and uses it privately.

Take Adobe Acrobat Professional v9.x as an example.
It installs a private version of JRE that is used by Adobe Life Cycle Designer.
C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin
Which is; 1.5.0_11-b03 (version 5 update 11)

That's is in contrast to the JRE distribution which is installed into the OS as a shared 
Java resource.
C:\Program Files\Java\jre6
C:\Program Files\Java\jre7

Thus it is available to Internet Browsers such as IE and Firefox and all one has to do is 
visit a web site that hosts malicious code that seeks out vulnerable versions of Oracle 
Java and subsequently exploit it.

You wrote in in #2...
"Tools - Options - LibreOffice - Java...So your web-browser can be nice and safe. "

Selecting which JRE to use in LO is exclusive to what the Internet Browser ultimately 
uses.

-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 




-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount (continued)
- [libreoffice-users] Re: JRE older installs - Windows - now online - no need for Oracle account · David H. Lipman
  - Re: [libreoffice-users] Re: JRE older installs - Windows - now online - no need for Oracle account · webmaster for Kracked Press Productions
    - [libreoffice-users] Re: JRE older installs - Windows - now online- no need for Oracle account · David H. Lipman
      - RE: [libreoffice-users] Re: JRE older installs - Windows - now online- no need for Oracle account · Dennis E. Hamilton

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.