[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: THREDDS 3.14 source code (was Re: Requiring java 1.5 ??)





John Relph wrote:


John,

I believe we ran some tests, I will see if we can get you the results
of the tests.


We dont publish source (at this point) to minimize hackers viewing
whatever mistakes we've made.


Well, that view doesn't hold a lot of water these days as the Java
decompilers are getting pretty darn good.  For example, Jad
(http://www.kpdus.com/jad.html) generates this source code from
thredds.war/WEB-INF/classes/servlet/Annotation.class:

yeah, its not real security, we will probably relax it after we get some 
feedback that we havent done anything exploitable.