× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2002

RE: Non-SSL CAX - clear text passwords?

I got this information from a friend of mine that develops 5250 telnet
client software.  I had asked him about the readability of the passwords
from the AS400 signon screen:

<<snip>>
You can "read" all data, and user name and password with a network sniffer
from a normal telnet 5250 session. You only have to have a EBCDIC table and
a short know-how of the protocol (What's data/text and what's 5250 control
information).
<<snip>>

He is working on adding SSL to his telnet client.  His product includes 5250
screens, 5250 printing and a built in FTP client.  It's got a much smaller
footprint than Client Access (1.7MB) and it's inexpensive (between $20 and
$40/seat depending on number of seats).  When he gets SSL built in, that
will be great.  I hate having to load CA on my machine just to get SSL.
He's at www.nexit.no .

++++++++++++++++++++++++++++++++++++++++++++
Go... FASTER!  Without an upgrade!  With ARCTOOLS/400(tm)
http://www.arctools.com
info@arctools.com
DCSoftware, Inc.
Ph: (508) 435-8243
Fax: (508) 435-4498
++++++++++++++++++++++++++++++++++++++++++++

 -----Original Message-----
From:   Hall, Philip [mailto:phall@spss.com]
Sent:   Tuesday, April 23, 2002 10:23 AM
To:     'midrange-l@midrange.com'
Subject:        RE: Non-SSL CAX - clear text passwords?

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--
[ Picked text/plain from multipart/alternative ]
> Tn5250 uses "password substitution".  Same as the appc user name and
> password exchange. It is documented in the tn5250 RFP.  I
> dont recall the
> details, but basically a string is transmitted that the receiver can
> translate to the actual password.

that's for the initial connection negotiation only. After that, if you're
not using SSL, when you enter your details on the TN5250 screen, that *will*
be sent as clear text.

--phil
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.