


Brad,

I highly doubt you will get an example, for two reasons. First, if they happen, it's really rare. Second, most folks that get hacked have it happen because they did not do the due diligence to secure the site, and they won't admit it.

Most of this is projection from other platforms: if it happens there, it must be true on IBM i as well, even if it's not.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 4/23/2013 12:52 PM, Bradley Stone wrote:
Does anyone have an example of manipulating data, running programs,
compromising security, etc. on a web server running on an IBM i, or is it
purely speculative (or improper setup of the Apache config file, network
mapping, programming, etc.)?

I know on other systems there are SQL exploits where you can try to pass
SQL statements into form fields but in my testing on applications (that
I've created that use SQL) I couldn't cause this issue. I've even read
recently where there are loopholes in things like Ruby on Rails, but I'm
mainly talking about CGI programs written with RPG and the pbApache server
running on the IBM i.

I'm not asking for strawman arguments. We can assume that the config file
is set up properly, the port mapping is correct, etc. I would even be
happy to provide a sample apache config file. Port 80 and/or 443 are the
only ports mapped to the i, etc.

I guess what I'm looking for, as are others I'm sure, are some examples on
how things could go wrong instead of simple speculation.

(sounds like a Friday question! hehe...)

Brad
www.bvstools.com
--


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
