This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Brice, > Thanks for the reply. While I completely agree with you on the security of > the LDM system, the Air Force Information Assurance folks have a habit of not > taking history into account, only 'rules'. We will see. Are connections to port 80 (the web server) allowed? If so, then that's a *much* greater risk than a connection to an LDM server's port 388. As a part of a parallel effort that is going on here we are working on an SSH-tunnel based authentication scheme that we are going to be tasked to apply to 'external' LDM clients/servers. You may remember some traffic on that from a few months ago. If the inbound nature of LDM 'bothers' them, maybe that will add enough security that they will not fight too much over it. Encrypting the traffic on an LDM connection is beyond the scope of the LDM system. The reason I believe an LDM server can't become an attack vector is because the LDM protocol doesn't support acting on arbitrary requests (the protocol is tightly prescribed) and because the LDM server forks a child process to handle each incoming request, crashing that process won't accomplish anything. > Thanks again for the information and I will keep ya'll up to date on how all > this plays out. Appreciate it. > Brice > > Brice Biggerstaff > JSC Weather Descision Support System > MIDDS Software Support > 281-853-3011 (w) > 713-764-2601 (p) > address@hidden (alpha pager for text and email) > > Res Confacti Erimus > “We Get Things Done!” Regards, Steve Emmerson Ticket Details =================== Ticket ID: ZYU-864541 Department: Support LDM Priority: Normal Status: Closed