



I stand corrected. This means that 5250 apps *are* indeed more safe than browser apps because hackers cannot exploit hidden fields and such.


Depends on what you consider a "hidden" field. If you mean P-fields or H-fields in DDS, then you're right, they're never sent to the client so there's no danger.


However, non-display fields (those with DSPATR(ND)) can be viewed by a rogue 5250 emulator. People commonly use this feature to allow fields to be viewable to some users, and not to others. (By contrast, hidden or program-to-system fields can never be displayed on the screen.)

The other area where this might be a concern is application trust. iSeries programs generally assume that 5250 screens will behave the way they're told to behave. Web programmers are usually more paranoid.

As a result, a rogue 5250 emulator can easily crash an RPG program, or send it data that will cause strange results.

I think it's a mistake to say that 5250 programs are more secure. In fact, the STRPCO/STRPCCMD ability by itself makes them significantly less secure than a browser. In fact, if you look at the major security holes that have been found in IE recently, pretty much all of them are major holes because they let you run a program on the client PC. In 5250, you don't need a convoluted work-around to infect the remote PC, it's done by design!

Security is not a reason to keep 5250.
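
The application-trust point in the message above, as an added sketch that is not part of the original post: the host re-checks what the display file only asked the emulator to enforce, and flags sensitive values that depend on DSPATR(ND) for confidentiality. It is a simplified Python model, not the 5250 data stream; the field names, the dict-based reply and the helper functions are assumptions.

```python
# Added illustration: simplified model of host-side revalidation of a screen
# reply. Not the 5250 wire format; all names and sample data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Field:
    name: str
    length: int
    numeric: bool = False        # display file restricts the field to digits
    input_capable: bool = True   # False = output-only on the screen
    non_display: bool = False    # DSPATR(ND): sent to the client, just not drawn
    sensitive: bool = False      # value this user must not learn

def audit_screen(fields):
    """Names of sensitive fields that rely on DSPATR(ND) to stay secret."""
    return [f.name for f in fields if f.non_display and f.sensitive]

def validate_reply(fields, sent, reply):
    """Re-check on the host everything the emulator was only asked to enforce."""
    known = {f.name for f in fields}
    errors = [f"{n}: field not on this screen" for n in reply if n not in known]
    for f in fields:
        value = reply.get(f.name, sent.get(f.name, ""))
        if not f.input_capable:
            # An honest emulator never changes these; compare with what was sent.
            if value != sent.get(f.name, ""):
                errors.append(f"{f.name}: output-only field was changed")
            continue
        digits = value.strip()
        if len(value) > f.length:
            errors.append(f"{f.name}: longer than {f.length}")
        elif f.numeric and digits and not (digits.isascii() and digits.isdigit()):
            errors.append(f"{f.name}: non-numeric data in numeric field")
    return errors

# Constructed sample screen, the values written to it, and two replies.
SCREEN = [
    Field("CUSTNO", 6, numeric=True, input_capable=False),
    Field("QTY", 5, numeric=True),
    Field("NOTE", 20),
    Field("COST", 9, numeric=True, input_capable=False,
          non_display=True, sensitive=True),
]
SENT = {"CUSTNO": "000123", "QTY": "", "NOTE": "", "COST": "000004250"}
GOOD = {"QTY": "12", "NOTE": "rush order"}
BAD = {"CUSTNO": "000999", "QTY": "1A", "NOTE": "x" * 40, "EXTRA": "?"}

if __name__ == "__main__":
    print(audit_screen(SCREEN))
    print(validate_reply(SCREEN, SENT, BAD))
```
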


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
