Eric Strovink <firstname.lastname@example.org> wrote: > > There are, of course, at least two problems with any remote java > client: > > (1) unless you "own" it, and run it standalone, it needs to be > downloaded from a web server, and it can only connect back to > that same host. Thats what proxies are for, if you don't want to put it on your AS/400, use a proxy. > (2) it is insecure, at least from my reading of the current RFC's. All telnet clients are insecure. A java one isn't any more insecure than any other telnet client. > > A knee-jerk solution to this (indeed, my knee-jerk solution to most > such issues these days) is to insert a 10-cent Linux box in the > middle. In this case, the box proxies the telnet connections and > runs the webserver, does some firewalling, and encrypts > communication to the java client. This saves the AS/400 sysadmin > the scary prospect of putting his/her machine "raw" on the net, > running a webserver, installing software, etc. To him/her it's a > magic bullet > I think I see a flaw in that logic... When you start up a java applet, it downloads and runs on the client computer, not on the server! This means that if your Linux box encrypts communication to the AS/400, that the path from the Linux Box to the AS/400 is secure and the path from the client to the Linux box IS NOT. Since the AS/400 and the Linux box are probably on the same LAN (after all, in order for the Linux box to be the proxy, its going to also be the firewall) this does not give you ANY added security -- unless of course you're being hacked from inside your LAN :) On the bright side... if you're using TN5250, the data thats being sent back and forth is in EBCDIC. :) Its a bit less likely that someone has a packet sniffer looking at EBCDIC codes! Unless, of course, he's attacking you specifically... +--- | This is the LINUX5250 Mailing List! | To submit a new message, send your mail to LINUX5250@midrange.com. | To subscribe to this list send email to LINUX5250-SUB@midrange.com. | To unsubscribe from this list send email to LINUX5250-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: email@example.com +---
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.