Good News Everybody!
The new search engine is LIVE!
Please report any problems to david (at) midrange.com.
|
On Tue, 2005-04-26 at 14:09 -0600, James Rich wrote: > On Tue, 26 Apr 2005, Walden H. Leverich wrote: > > >> It is true that a 5250 client could be modified to send back any key at > >> all. > > > > Wouldn't display management stop that? I would think (hope?) that the > > workstation manager would see a F8, but it would "know" that F8 wasn't > > valid and stop the request. Is that not the case? > > Good question. To test I ran tn5250 using the trace option (which logs > everything sent between the client and host) and pressed an invalid key. > tn5250 sends the key as entered (so you don't actually have to modify > anything). The iSeries responds that the function key is invalid. So the > validation is done by the host, not the client. Client hacks won't get > you anywhere. I stand corrected. This means that 5250 apps *are* indeed more safe than browser apps because hackers cannot exploit hidden fields and such. Excellent. -- Regards, Rich Current Conditions in Des Moines, IA Overcast Temp 50F Winds out of the North at 21, gusting to 29mph
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
