[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #JGM-828686]: LDM lack of proxy compatibility



Josh,
 
> Some of our broadcast stations subscribe to weather information services
> provided by Weather Central.  Weather Central is apparently using your
> product in conjunction with their application to deliver weather information
> to our stations.  Our preferred security strategy is to route all Internet
> traffic through our proxy firewalls where the relevant protocols are
> subjected to the highest possible level of compliance verification.
> Apparently, your program, LDM, does not work with proxies, and we are forced
> to loosen our perimeter protection to allow this traffic to pass through a
> stateful packet filter.  So far, we have been doing this on a temporary
> basis, hoping that the application would, at some point in the future, be
> modified to be proxy aware.  Can you provide us with details regarding the
> protocol involved that you are running over TCP port 388?  Can you tell us
> if there is any plan to make this application compatible with proxying in
> the future?  We'd be glad to discuss this with your development team and to
> provide clarification, should you need it.

Hmm...  "Proxy aware" and "proxy compatible" can mean different
things to different people depending on the context.  What's your
context?  Are the broadcast stations running LDM-s that connect
directly to Weather Central and does this require opening up port
388 throughout your organization?  Would you prefer that all the
station LDM-s connect to an internal proxy server instead?
Are you asking if there's a "proxy" version of the LDM that
could be run on a highly secure host and to which all of the
station LDM-s would connect?

Having asked all that, the protocol used by the LDM is old
fashioned ONC RPC over TCP connections.  A description of the
individual RPC messages can be found at

    <http://www.unidata.ucar.edu/software/ldm/ldm-6.6.3/basics/protocol.html>

Also, the LDM, itself, can be used as a proxy server (depending
on your definition of "proxy server").

For what it's worth, there has never been a "break in" using
the LDM to the best of my knowledge.  As the developer of
the LDM, I don't think such an act is even possible.

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: JGM-828686
Department: Support LDM
Priority: Normal
Status: Closed