|
Jerome, The issue here is really the inability of DDS to do encryption, it has little or nothing to do with Client Access. Jerome Draper wrote: > > TECH TIP: TELNET SECURITY HOLE > http://www.as400network.com/nwn/story.cfm?ID=7051 > Q. Our new network engineer used sniffer software to watch me log on > to the AS/400. When I logged on with Client Access, he saw my user ID > only. However, when I connected to the AS/400 via Telnet (from the > Windows Start/Run menu), he saw my user ID and password. Is this a > known risk? Client Access (and possibly Renex, and your product as well?) will encrypt the password at the connection level, but if the standard AS/400 signon screen is presented, the user profile and password that is typed in there will travel in clear text. You have the same problem with FTP, and REXEC, etc. Unless you've encrypted the whole session using VPN or SSL you're going to be sending passwords in clear text. jte -- John Earl johnearl@400security.com The PowerTech Group 206-575-0711 PowerLock Network Security www.400security.com -- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
