[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: THREDDS 3.14 source code (was Re: Requiring java 1.5 ??)





John Relph wrote:


John,

I believe we ran some tests, I will see if we can get you the results
of the tests.


We dont publish source (at this point) to minimize hackers viewing
whatever mistakes we've made.


Well, that view doesn't hold a lot of water these days as the Java
decompilers are getting pretty darn good.  For example, Jad
(http://www.kpdus.com/jad.html) generates this source code from
thredds.war/WEB-INF/classes/servlet/Annotation.class:

yeah, its not real security, we will probably relax it after we get some feedback that we havent done anything exploitable.


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.