[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 980330: netCDFPerl and CGI security
- Subject: Re: 980330: netCDFPerl and CGI security
- Date: Tue, 31 Mar 1998 08:41:34 -0700
Hi Leonard, > To: address@hidden > From: Leonard Sitongia <address@hidden> > Subject: netCDFPerl and CGI security > Organization: UCAR/NCAR/HAO > Keywords: 199803302218.PAA06829 In the above message, you wrote: > As user here is about to start using netCDFPerl from CGI scripts under > the HAO web server. > > I'm concerned about security and the server. Has netCDFPerl been > inspected for security risks? What state is it in with regard to this? > > thanks, > - --Leonard > > - --Leonard E. Sitongia Computer System Management Team (CSMT) > address@hidden voice: (303)497-1509 fax: (303)497-1589 > High Altitude Observatory P.O. Box 3000 Boulder CO 80307 USA NetCDFPerl hasn't been inspected for security risks. Note, however, that the netCDF C library hasn't been inspected for security risks either. Since NetCDFPerl is, basically, a library that is used by perl programs, it is difficult to see what security risks it, itself, imposes. I can certainly say that NetCDFPerl makes no attempt -- of and by itself -- to circumvent the security provided by the operating system. It is still possible, however, for a user to try and use NetCDFPerl to read a netCDF dataset that they shouldn't and, if the protection on the dataset is insufficient, to actually read the data. This, however, is no more a risk than the dataset was already in due to it's lack of protection. Did you have anything in particular in mind? -------- Steve Emmerson <http://www.unidata.ucar.edu>
- Prev by Date: Re: netCDF question (maybe it's actually a C question)
- Next by Date: Re: 980330: netCDFPerl and CGI security
- Previous by thread: Re: netCDF question (maybe it's actually a C question)
- Next by thread: Re: 980330: netCDFPerl and CGI security
- Index(es):