Re: WHY WHY does Oracle OEM 12c (12.1.0.5) use the following...

From: Chris Taylor <christopherdtaylor1994_at_gmail.com>
Date: Thu, 12 Nov 2015 18:12:19 -0600
Message-ID: <CAP79kiQdiq_4neLPsxTSy3VW5GB-JQ0XtnN_C-8yp6pi+ovBAw_at_mail.gmail.com>

Well, that makes me feel better at least - that I'm not alone in scratching my head over it I mean. Seems crazy to ship out a product that contains significant vulnerabilities when they could re-package it with a known good java version.

Chris

On Thu, Nov 12, 2015 at 5:33 PM, Tim Hall <tim_at_oracle-base.com> wrote:

> Well:
>
> 1) Many (but not all) of the major security alerts around Java6 have
> actually been on the client side, when running the Java plugins in
> browser, so server side Java is not so much of a problem (insert
> caveats here).
> 2) Cloud Control is not for public access, so...
> 3) WebLogic 11g (10.3.6) is still by far the most popular version at
> this time. Oracle Fusion Apps is currently built on WebLogic 11g
> 10.3.6 using ADF 11.1.1.9. To my knowledge, it has not been migrated
> to WebLogic 12c yet. With that in mind, it's hardly surprising other
> projects have not moved forward yet.
> 4) The teams in Oracle each have their own deadlines and
> time-to-market pressures mean they rarely use the latest products.
> Testing your code base against a later release of the software takes
> time that could be spent adding new features. This happens to all of
> us. :)
> 5) Cloud Control is a shrink-wrapped application. You shouldn't be
> using it for your own stuff, so why do you care what it's built with,
> provided it passes your external penetration testing? I treat it like
> a black box.
> 6) Oracle teams very rarely seem to look outside of themselves for
> best practices provided by other teams. As proof I offer you the
> database installations associated with eBusiness Suite, which don't
> seem to follow simple best practices that I would consider DBA101.
> Even if you are a good DBA, you have to check your real DBA hat in and
> pick up a Oracle Apps DBA hat before doing any work on them, because
> if you do things "correctly", the apps die. :)
>
> This is not a defence of it, it's just an observation. I made a
> similar comment about Java 6 when I first installed 12.1.0.5.
>
>
> https://oracle-base.com/blog/2015/06/17/oracle-enterprise-manager-cloud-control-12c-release-5-12-1-0-5-my-first-two-installations/
>
> I too get a little frustrated by this, but it is what I've come to
> expect of nearly every large software vendor. Check out what's under
> the hood of Microsoft BizTalk Server and you will see much the same
> issues. It's cobbled together with loads of old bits of software, but
> sold as a current "enterprise" solution... :)
>
> Cheers
>
> Tim...
>

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Nov 13 2015 - 01:12:19 CET

This message: [ Message body ]
Next message: Niall Litchfield: "Re: WHY WHY does Oracle OEM 12c (12.1.0.5) use the following..."
Previous message: Tim Hall: "Re: WHY WHY does Oracle OEM 12c (12.1.0.5) use the following..."
In reply to: Tim Hall: "Re: WHY WHY does Oracle OEM 12c (12.1.0.5) use the following..."
Next in thread: Niall Litchfield: "Re: WHY WHY does Oracle OEM 12c (12.1.0.5) use the following..."
Reply: Niall Litchfield: "Re: WHY WHY does Oracle OEM 12c (12.1.0.5) use the following..."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message