× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



On 10/25/07, John Earl <john.earl@xxxxxxxxxxxxx> wrote:
You start iSeries Navigator, connect to your system. Your password is
sent in plain text, so everyone can read it and enjoy your QSECOFR
rights!
Because iSeries Navigator uses the *SIGNON server to authenticate, I was
under the impression that the iSeries navigator signon process was a
secure hash exchange and not flowing userid's and password in clear
text. Can you elaborate or explain the vulnerability here?

That would make a lot of sense, and i do not exactly know how this
services works.

I based my assumption that the logon is not secure on the fact that it
is not using SSL, but can be configured to do so:
http://www-1.ibm.com/support/docview.wss?uid=nas2fcc664db54c4c549862568720047b5fd

But if it using a secure Challenge/Response way for authenticating the
user, it would be secure SSL. A quick google search did not yield
results for me, so i might be wrong.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.