On 09/01/2011 11:08 AM, David H. Lipman wrote:
From: "Tom Davies" <tomdavies04@yahoo.co.uk>
Hi :)
Yes, those are the crucial points.
1. It's mostly only Base that is affected by which version of java you are
using. If you don't use Base you might even be able to stop LibreOffice from
trying to use java at all!
Tools - Options - LibreOffice - Java
and un-tick the tick-box at the top. If you can do that then you might find
LibreOffice opens significantly faster.
2. You can have more than one version of java on your machine. Most apps will
try to use the newest version but you can force LibreOffice to choose one that
works better for LibreOffice
Tools - Options - LibreOffice - Java
So your web-browser can be nice and safe.
3. I think the exploits would only work if contained inside a document that you
opened using LibreOffice? ie after various anti-virus programs had nosed
around.
4. Dependence on java is being slowly written out of LibreOffice to avoid this
problem in the future although it's probably going to take a long time to remove
it from Base completely! I think people are being steered away from Base
back-ends that might depend on java.
Regards from
Tom :)
In reference to #3, that is a faux conclusion.
JRE is installed into the OS and LO takes advantage of it in contrast to an application
that includes JRE and uses it privately.
Take Adobe Acrobat Professional v9.x as an example.
It installs a private version of JRE that is used by Adobe Life Cycle Designer.
C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin
Which is; 1.5.0_11-b03 (version 5 update 11)
That's is in contrast to the JRE distribution which is installed into the OS as a shared
Java resource.
C:\Program Files\Java\jre6
C:\Program Files\Java\jre7
Thus it is available to Internet Browsers such as IE and Firefox and all one has to do is
visit a web site that hosts malicious code that seeks out vulnerable versions of Oracle
Java and subsequently exploit it.
You wrote in in #2...
"Tools - Options - LibreOffice - Java...So your web-browser can be nice and safe. "
Selecting which JRE to use in LO is exclusive to what the Internet Browser ultimately
uses.
Well said.
In addition:
http://java.com/en/download/faq/remove_olderversions.xml
Let's also hope that 'webcracked' abides by Oracles license and in
particular:
====
7. EXPORT REGULATIONS.
C. LICENSE TO DISTRIBUTE SOFTWARE
D. LICENSE TO DISTRIBUTE REDISTRIBUTABLES
====
Personally I wouldn't want to be on the other side of Oracle's legal
office these days.
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
[libreoffice-users] Re: JRE older installs - Windows - nowonline - no need for Oracle account · Andreas Säger
Re: [libreoffice-users] Re: JRE older installs - Windows - now online - no need for Oracle account · Tom Davies
[libreoffice-users] Re: JRE older installs - Windows - now online - no need for Oracle account · David H. Lipman
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.