secure jre installation.

I need help on secure jre installation.is there any feature from sun for this?Please help me on this area.thanks in advance.

[152 byte] By [SajanK@tifacCoreCyberSecritya] at [2007-11-27 2:34:34]

«« Run Jarfile in systems without Java installed
»» use jradio button

# 1

secure in what way?What are you actually afraid of?and what's a cybersecretion?

jwentinga at 2007-7-12 2:52:06 >

top of Java-index,Java Essentials,Java Programming...

# 2

i am clearing my point with an example.for linux and all. the vendors are providing hash file to verify whethere theinstallation files are corrupted or not.my question is Is there any feature provided for java?

SajanK@tifacCoreCyberSecrity at 2007-7-12 2:52:06 >

# 3

that's only because they can't rely on the distribution channel to have reliable distribution files (anyone can distribute them and put in whatever they want).

Sun can rely on their distribution channel as they are their own distribution channel.

So either you trust Sun to provide you with an installer that doesn't contain trojans or virusses or you don't use their product.

The security in case of Sun is the reputation of the company, in case of hash files it's the reliability of the person providing you with that file.

jwentinga at 2007-7-12 2:52:06 >

# 4

read carefully the sun jdk licence here http://java.sun.com/javase/6/jdk-6u1-license.txt

You have just to download the JRE you need from http://java.sun.com/javase/downloads/index.jsp

http://java.sun.com/javase/downloads/previous.jsp

If you want, scan it using your preferable virus scan.

You can also check the integrity of your downloaded file (), but, unfortunately, sun doesn't provide the original keys to use (example md5 (http://en.wikipedia.org/wiki/MD5))

java_2006a at 2007-7-12 2:52:06 >

# 5

> i am clearing my point with an example.

> for linux and all. the vendors are providing hash

> file to verify whethere the

> installation files are corrupted or not.

> my question is

> Is there any feature provided for java?

But this does not provide any 'security' since, in most cases, the MD5 and SHA1 hashes are published on the same page as the download link. I could forge a site and publish an updated Fedora Core Linux together with valid hashes and inbuilt virus.

All the hashes do is allow one to check that the files have downloaded correctly.

sabre150a at 2007-7-12 2:52:06 >

# 6

>I could forge a site and publish an updated Fedora Core Linux together with >valid hashes and inbuilt virus.Good Idea ! Did you do it before ?; o )

java_2006a at 2007-7-12 2:52:06 >

# 7

> >I could forge a site and publish an updated Fedora

> Core Linux together with >valid hashes and inbuilt

> virus.

> Good Idea ! Did you do it before ?; o )

Read carefully. He says he COULD do it, which indicates he didn't actually do it.

jwentinga at 2007-7-12 2:52:06 >

# 8

jwenting : fu_ck u

java_2006a at 2007-7-12 2:52:06 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

secure jre installation.

Java Essentials New Topic

Java Essentials Hot Topic

Java Essentials

All Classified