0

I see there are a number of ways to install Java on Ubuntu... what I want to know is about which way is best for a server that is secure and running a Java web application.

The three ways I know of are:

  1. sudo apt-get install default-jre

    Or some other JRE package included in the main Ubuntu repos.

  2. Using Webupd8 per these links:

    Oracle Java (JDK) 7 / 8 / 9 Installer PPA

    How to install Oracle Java on Ubuntu 14.04?

  3. Manually installing by downloading from Oracle's website.

I'm familiar with all of these ways to install Java and I have no trouble installing Java. But which way should I use if I want my server to be secure and I want to easily receive Java updates in the future?

Community
  • 1
Jason
  • 105

1 Answers1

1

100% security isn't possible. For the 99.9% install Java from the Ubuntu Standard repositories. If you really need Oracle Java, avoid a PPA and install Java manually and you have also 99.9% security.

Using a PPA is always a security risk, a low risk but a risk.

The latest OpenJDK release for Trusty is 7u79-2.5.5-0ubuntu0.14.04.2, to install OpenJDK 8 you need at least Utopic.

The installation of Java 7 instead of Java 8 isn't a security risk because Java 8 is an update with new features and not a security update.

An if there is a security risk, there would be an update also for Java 7. In any case, for the time in which Trusty will be supported by Canonical.

A.B.
  • 92,125