Educause Security Discussion mailing list archives
Re: Another Java Thread
From: Tim Doty <tdoty () MST EDU>
Date: Wed, 24 Apr 2013 08:56:18 -0500
On 04/23/2013 10:37 PM, Steve Bohrer wrote:
On Apr 23, 2013, at 8:47 PM, "Shettler, David" <dshettle () HOLYCROSS EDU> wrote:We go a bit further and request that they move off of client dependencies altogether. No java, no flash,[…] Sorry if this is a naive question, but when you ask vendors to eliminate "client dependencies", are you just asking for specific binaries for each platform and OS, or is there some other scheme I'm missing?
The most obvious alternative is to use a web front end. And not a web front end that delivers a java applet.
Symantec's SIM is a good example of how to do clients completely wrong: the client is written in java, but is compiled in a way such that it requires windows to launch it. Using wine doesn't help. So despite the use of Java you are limited to Windows platform for clients and keeping a vulnerable version of Java. Supposedly they are moving toward a web client.
I don't necessarily have anything against a Java client per se (other than the recent aggressive abuse of vulnerabilities in the runtime), but it is amazing how vendors find ways to tie you to specific versions of Java. Having used complex and capable Java apps that worked no matter what version of Java you had installed or what platform it was running on, I really have to wonder about the Java developers at the vendors.
Web clients have their own set of issues (and Java does address some of these), including security problems, and just having a web client by no means assures it is platform independent (cue the IE dependent web clients). But at the moment I can certainly see how it would look much better. And, in general, a platform agnostic web client is my preference as well.
Tim Doty
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Another Java Thread Shettler, David (Apr 23)
- Re: Another Java Thread Steve Bohrer (Apr 23)
- Re: Another Java Thread Tim Doty (Apr 24)
- Re: Another Java Thread Chris Green (Apr 25)
- Re: Another Java Thread Steve Bohrer (Apr 23)