This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Hi Leonard, > To: address@hidden > From: Leonard Sitongia <address@hidden> > Subject: netCDFPerl and CGI security > Organization: UCAR/NCAR/HAO > Keywords: 199803302218.PAA06829 In the above message, you wrote: > As user here is about to start using netCDFPerl from CGI scripts under > the HAO web server. > > I'm concerned about security and the server. Has netCDFPerl been > inspected for security risks? What state is it in with regard to this? > > thanks, > - --Leonard > > - --Leonard E. Sitongia Computer System Management Team (CSMT) > address@hidden voice: (303)497-1509 fax: (303)497-1589 > High Altitude Observatory P.O. Box 3000 Boulder CO 80307 USA NetCDFPerl hasn't been inspected for security risks. Note, however, that the netCDF C library hasn't been inspected for security risks either. Since NetCDFPerl is, basically, a library that is used by perl programs, it is difficult to see what security risks it, itself, imposes. I can certainly say that NetCDFPerl makes no attempt -- of and by itself -- to circumvent the security provided by the operating system. It is still possible, however, for a user to try and use NetCDFPerl to read a netCDF dataset that they shouldn't and, if the protection on the dataset is insufficient, to actually read the data. This, however, is no more a risk than the dataset was already in due to it's lack of protection. Did you have anything in particular in mind? -------- Steve Emmerson <http://www.unidata.ucar.edu>