Re: Security Routines - bind by copy? (wasRE: Questionabout serviceprograms) -- RPG400-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: Re: Security Routines - bind by copy? (wasRE: Questionabout serviceprograms)
From: Joe Pluta <joepluta@xxxxxxxxxxxxxxxxx>
Date: Fri, 01 Aug 2008 12:57:53 -0500
List-archive: <http://archive.midrange.com/rpg400-l>
List-help: <mailto:rpg400-l-request@midrange.com?subject=help>
List-id: RPG programming on the AS400 / iSeries <rpg400-l.midrange.com>
List-post: <mailto:rpg400-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=unsubscribe>

David Gibbs wrote:

All you really need is a list of the procedures in the service program and the current signature, all these can be retrieved from the DSPSRVPGM command.

I was thinking more along the lines of binding the security into the bound program, not a service program. Can that same information be gotten from DSPPGM? Also, the signature isn't quite enough - you'd have to do a man-in-the middle attack, although that's pretty simple. Just write your own procedure with the same signature that calls the existing procedure, and record the inputs and outputs until you figure out how to respond affirmatively to a challenge.

Of course, that's why you pass in a randomly generated passphrase which the called routine encodes, and then compare that against your own internally encoded value. But I digress... <grin>

Joe

As an Amazon Associate we earn from qualifying purchases.

Follow-Ups:

Re: Security Routines - bind by copy? (wasRE: Questionabout serviceprograms) , David Gibbs

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.