|
David, Tn5250 uses "password substitution". Same as the appc user name and password exchange. It is documented in the tn5250 RFP. I dont recall the details, but basically a string is transmitted that the receiver can translate to the actual password. Steve Richter -----Original Message----- From: midrange-l-admin@midrange.com [mailto:midrange-l-admin@midrange.com]On Behalf Of Shea, David Sent: Tuesday, April 23, 2002 8:48 AM To: 'midrange-l@midrange.com' Subject: Non-SSL CAX - clear text passwords? When using Client Access for telnet, you initially get the little pop up window asking for your user profile and password. I believe that this is the 'signon server' task that talks to port 443 (or was it 446? whatever...). I would assume (please correct me if I'm wrong) that this transaction is somehow encrypted (or at least not clear text). After completing this task, you get the regular AS400 signon screen. If you're not running SSL, am I correct in assuming that all the traffic back and forth to the AS/400 is clear-text and therefore when I log on my user profile and password will be plainly visible to any packet sniffing scoundrel?
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
