× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2005

RE: Green-screen versus browser

On Tue, 26 Apr 2005, Rich Duzenbury wrote:

Hypothetically, I know of a menu application that allows only authorized
users to update menu items.  That is to say, the F8 key will allow a
menu update, but F8 is not activated in the display file for
unauthorized users.

The program code probably goes something like:

   // If the user is allowed to change the menu, activate the F8 key
   if authorized_to_update;
       *in28 = '1';   // activate the f8 key
   endif;

   exfmt the_menu;

   select;
       *in08 wheneq '1';
            // process menu update

Notice, the programmer of the menu app assumes that only an authorized
user can press F8, and never considered that a hacked 5250 client can
probably set on the F8 key at will.

It is true that a 5250 client could be modified to send back any key at all. It turns out to be quite simple. The hard part is knowing that such a key actually does something. Unless I'm misreading the 5250 spec, the iSeries never sends the hidden fields to the screen in the first place. So you wouldn't know that the possibility exists.

However, a network sniffer would allow you to know what the authorized people see and do, provided a hub is used and not a switch. Even if a switch is used, it is trivial to run a sniffer on your own box and then ask the admin to come over and run the program from your machine. Of course, if you can sniff you can do a lot more than just use it to hack a 5250 client.

James Rich

It's not the software that's free; it's you.
        - billyskank on Groklaw

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.