This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Leonard, >Date: Tue, 31 Mar 1998 08:48:28 -0700 (MST) >From: Leonard Sitongia <address@hidden> >Organization: UCAR/NCAR/HAO >To: address@hidden >Subject: Re: 980330: netCDFPerl and CGI security >Keywords: 199803302218.PAA06829 In the above message, you wrote: > |> Did you have anything in particular in mind? > > Just the usual buffer overruns or other exploits which could be used > to read/write system files. That sort of thing. Well, I can't guarantee that there aren't any buffer overrun problems -- but my programming style is to never get into a position where a buffer overrun could occur (this is based on years of experience) so I'd be very surprised if that could happen. > There certainly > is security built into the configuration of the web server, what files > it can access, and what CGI scripts can do. I suppose the biggest > worry would be that a CGI could be made to rewrite the web server > permissions configuration file. I don't see how that could be done using NetCDFPerl. -------- Steve Emmerson <http://www.unidata.ucar.edu>