× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I think that C has the same safety. Al compilers on iSeries have to create an intermediate stage that gets translated into the final *pgm object. This is an assumption on my part. But the matter of separating data and executable code into separate stacks is probably not an RPG thing only, it's probably how *PGMs work. E.g., the 16-byte alignment requirement is not only an RPG thing, its the same across all executables on the iSeries. At least that is how I understand the statement in the article by Carol Woodbury and Patrick Botz referred to in an earlier post
<<http://www.skyviewpartners.com/java-skyviewp/pdf/Virus-Got-You-Down.pdf>http://www.skyviewpartners.com/java-skyviewp/pdf/Virus-Got-You-Down.pdf>, "In OS/400, the instruction stack is separate from the data stack.". This separation is an operating system thing, just as it is in DOS or Windows.


Vern

At 01:48 AM 11/9/2004, you wrote:
On Mon, 2004-11-08 at 14:36, Chris Bipes wrote:
> Well in order to do any of this, you need to get a hold of the application,
> reverse engineer it, identify the weakness, then build the program to
> attach. Easy to do with cheap MS applications that are generally available.
> But to do so I the iSeries will take a lot of money and effort. Yes it can
> be done. If I want to attach the Apache server on the iSeries, I could
> start with the open source for Apache on my windows platform. But will the
> same attach on the same program work on the iSeries? Now for my custom
> socket server that does not reside on any computer outside of the
> organization, well it would be more difficult to attach since you know
> nothing about my application and cannot get the program object or source to
> reverse engineer.
I generally agree with this line of thinking. And, I'm much more
worried about the possible result of a C program (e.g. Apache) than any
RPG code as a result.


>
> Most attacks are on wide spread internet services.  I.e. IIS, Exchange,
> SMTP, Cisco Routers, VPN server, FTP servers and others.  So I would not
> worry about custom applications that you put on the internet but on those
> standard packages that are widely used.  I do not think that one can break
> the actual IP stack provide by IBM that we all use.  But again, maybe there
> are holes in the low level stuff that can be hacked.
No, my investigation is making it clear to me that one would have to
work awful hard to open up some kind of flaw in RPG.  C, I don't know
about...
--
Regards,
Rich


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.