Hi All,
Has anyone done a technical risk analysis (TRA) of GeoNetwork (GN)? Such a
TRA should include but not be limited to:
1. tests to see if anything other than OGC and ISO TC 211 specifications,
standards and protocols can be called of external web sites. If this is true
then if the web server that is running GN is compromised then GN can't be
used to load up malicious programs.
2. what is the potential for GN scripts to be used to load socially
unacceptable web sites using the HTTP GET and POST commands? Eg. Porn sites.
In other words, can GN be used to compromise the web server that GN is
running on? If anyone has any TRA of GN could I have a copy of it?
Thanks in advance for any replies.
John Hockaday