ArcIMS Security hole fixed?

James Fee pointed out something that i did miss in the 9.2 changelog and that is by default, ArcIMS will now no longer ship with the GET_FEATURES ArcXML request enabled.

Take advantage of improved security for served vector data. Image and ArcMap Image Services will not include geometry by default in the response to GET_FEATURES requests if the output mode is binary. With this change, ArcMap cannot be used to download vector data served in ArcIMS without the knowledge of the service provider.

I had actually pointed out this fatal security flaw in an earlier post last year … but its good to see its now “fixed”. I’m interested in how the 9.2 support tools such as ArcExplorer or even ArcGIS will handle connecting to ArcIMS services as i am pretty certain they use the feature request for rendering … maybe they are just using GET_IMAGE requests now?

thumbs_up.jpg