John Relph wrote:
I believe we ran some tests, I will see if we can get you the results of the tests.
We dont publish source (at this point) to minimize hackers viewing whatever mistakes we've made.
Well, that view doesn't hold a lot of water these days as the Java decompilers are getting pretty darn good. For example, Jad (http://www.kpdus.com/jad.html) generates this source code from thredds.war/WEB-INF/classes/servlet/Annotation.class:
yeah, its not real security, we will probably relax it after we get some feedback that we havent done anything exploitable.
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.