Brice,

> Thanks for the reply. While I completely agree with you on the security of
> the LDM system, the Air Force Information Assurance folks have a habit of not
> taking history into account, only 'rules'. We will see.

Are connections to port 80 (the web server) allowed? If so, then that's a *much* greater risk than a connection to an LDM server's port 388.

As a part of a parallel effort that is going on here we are working on an SSH-tunnel based authentication scheme that we are going to be tasked to apply to 'external' LDM clients/servers. You may remember some traffic on that from a few months ago. If the inbound nature of LDM 'bothers' them, maybe that will add enough security that they will not fight too much over it.

Encrypting the traffic on an LDM connection is beyond the scope of the LDM system.

The reason I believe an LDM server can't become an attack vector is because the LDM protocol doesn't support acting on arbitrary requests (the protocol is tightly prescribed) and because the LDM server forks a child process to handle each incoming request; crashing that process won't accomplish anything.

> Thanks again for the information and I will keep y'all up to date on how all
> this plays out. Appreciate it.
> Brice
>
> Brice Biggerstaff
> JSC Weather Decision Support System
> MIDDS Software Support
> 281-853-3011 (w)
> 713-764-2601 (p)
> address@hidden (alpha pager for text and email)
>
> Res Confacti Erimus
> “We Get Things Done!”

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: ZYU-864541
Department: Support LDM
Priority: Normal
Status: Closed

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.
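
The process-per-request argument in the reply above, as an added C example (not LDM source code and not part of the original email): the parent forks one child per request, reaps a child that dies on a signal, and keeps serving. The `FEED ` verb, the request strings, `handle_request` and the 32-byte limit are constructed for illustration and are not the LDM protocol.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Counters kept by the long-lived parent (the "server") process. */
struct tally { int ok; int rejected; int crashed; };

/* Hypothetical handler, run only in the child. Only one fixed verb is
 * accepted (a tightly prescribed protocol); anything else is rejected.
 * abort() on oversized input stands in for a handler bug. */
static int handle_request(const char *req)
{
    if (strlen(req) > 32)
        abort();                          /* child dies with SIGABRT */
    return strncmp(req, "FEED ", 5) == 0 ? 0 : 1;
}

/* Fork a child for one request and classify how the child ended. */
static void serve_one(const char *req, struct tally *t)
{
    int status;
    pid_t pid = fork();

    if (pid < 0) { perror("fork"); return; }
    if (pid == 0)
        _exit(handle_request(req));       /* child never returns here */
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return; }

    if (WIFSIGNALED(status))
        t->crashed++;                     /* crash stayed in the child */
    else if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        t->ok++;
    else
        t->rejected++;
}

/* Serve every request in order; the parent survives child crashes. */
struct tally serve_all(const char *const *reqs, size_t n)
{
    struct tally t = {0, 0, 0};
    for (size_t i = 0; i < n; i++)
        serve_one(reqs[i], &t);
    return t;
}
```

Counting children that end on a signal, as `serve_one` does, also gives the server operator a simple signal to log and alert on.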