[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[netCDF #TMR-458993]: Failure to handle GDS server-side analysis URL with netcdf 4.3.2

Subject: [netCDF #TMR-458993]: Failure to handle GDS server-side analysis URL with netcdf 4.3.2
Date: Mon, 07 Jul 2014 09:53:32 -0600

>It is just not practical for us to put out a new release of GDS with one patch 
>that
> makes the host of the server more vulnerable in order to accommodate a new 
> performance > feature in the netcdf library.
I do not understand how disabling the requirement that every request have a 
constraint
is a security issue? Even with this requirement in place, I can
access the whole dataset by specifying every top-level variable in a query.

Can you elaborate on how turning off this requirement makes the server
more vulnerable? Is there history here of which I am unaware?

The other issue, is, of course, the pain of issuing a new version
of grads, and I understand that perfectly. We don't issue new versions of netcdf
lightly either. 
=Dennis Heimbigner
  Unidata


Ticket Details
===================
Ticket ID: TMR-458993
Department: Support netCDF
Priority: Urgent
Status: Closed

Prev by Date: [netCDF #TMR-458993]: Failure to handle GDS server-side analysis URL with netcdf 4.3.2
Next by Date: [netCDF #TMR-458993]: Failure to handle GDS server-side analysis URL with netcdf 4.3.2
Previous by thread: [netCDF #TMR-458993]: Failure to handle GDS server-side analysis URL with netcdf 4.3.2
Next by thread: [netCDF #TMR-458993]: Failure to handle GDS server-side analysis URL with netcdf 4.3.2
Index(es):
- Date
- Thread