Ticket #626 (closed Feature Request: wontfix)

Opened 10 years ago

Last modified 10 years ago

Unable to install without server side java

Reported by: PatriciaW Owned by:
Priority: Major Milestone:
Component: DeepaMehta Standard Distribution Version: 4.2
Keywords: Cc:
Complexity: 3 Area:


I need to know if it is possible to run deepamehta on a shared server which does not support server side Java?
I've got it working on my personal computer but I can't install it on my shared host due to this lack of Java.
Should I abandon this project?
Is there some form of user forum for simple questions like this?

Change History

comment:1 Changed 10 years ago by jri

DM's server-side part is written in Java, so you definitely need Java on the server. Without Java there is no way to run DM on the server.

But if your server allows you to install your own applications (like DM) and to open network ports (DM relies on its own port) you should be able to install Java on your server as well. Are you exposed to technical limits or do you have concerns about Java?

Regarding your questions you can consider subscribing the deepamehta-users mailing list and post there. (We have no forum.)

Thank you for trying out DM!

comment:2 Changed 10 years ago by PatriciaW

I don't have a server - I have a home computer and I would not be willing to use it for inbound traffic. I know that a lot of people have concerns about java as a security issue so I was not totally surprised that they did not provide me with access to it.
Unfortunately this rules out using DM on our site much as I liked it.
Thanks for your assistance.

comment:3 Changed 10 years ago by jri

I don't fully understand your aimed usage scenario but I like to stress 2 things here:

  • Java's security problem is at client-side, not at server-side. DM deploys Java only at the server-side. For a potential attacker DM provides no gateway but a TCP port open for inbound connections, just like every server application does. At client-side DM makes no use of Java. No browser plugin required.
  • You can configure the DM server to accept only connections from a certain subnet.

I guess the recent abundance of Java related security alerts have killed its reputation. Indeed, since Oracle Java is no fun anymore. For me neither.

comment:4 Changed 10 years ago by JuergeN

Hi Patricia, if you think that the usage of DeepaMehta is meaningful for you, I am well willing to support your effort. I have desrcibed a server side scenario to run DM behind an apache web proxy here: https://trac.deepamehta.de/wiki/UbuntuConfiguringApache2ServerSSLProxy .

In this scenario DM will only be accessible via SSL through a secured apache webserver. The java part ist not accessible from the outside at all. You could even run DM in a virtual and total locked down machine.

Let me learn more about your (collegues) concerns. You can also contact me in person https://trac.deepamehta.de/wiki/JuergeN or we can further discuss this in public on the deepamehta-users mailing list.

comment:5 Changed 10 years ago by jri

  • Status changed from new to closed
  • Resolution set to wontfix
Note: See TracTickets for help on using tickets.