|
midrange-l-request@xxxxxxxxxxxx wrote: > 3. RE: Green-screen versus browser (Lim Hock-Chai) > >I'm not security expert, but how would a green screen app be more secure that >GUI app? Is it because you isolate the AS400 from the internet world? If so, >how is that different from isolate the a GUI app from internet? Lim: I wouldn't call myself a "security expert" in this area either, but I'll add some thoughts. These are mostly impractical, so they're not presented as anything most of us will ever see examples of. I believe that the primary assumption when speaking of 'green-screen' is that the app is executed through a non-programmable terminal (NPT). Things change when NPTs are the base. When the app runs through iSeries Access emulation (and perhaps any number of other emulators), then security can easily be compromized from the client side (e.g., Windows). See for example: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/index.htm?info/rzaik/rzaikemulator.htm or http://makeashorterlink.com/?J1D1428FA Unless there's a guarantee that there is no rogue app that implements those and other related APIs, there's no guarantee of security in this area. Of course, there is and always has been significant 'security by obscurity'. Since the market for such rogue applications has been so limited, there is a vanishingly small risk. Not zero, but pretty close for most practical purposes. (Some of our customers would disagree.) I used to create simple little apps that did stuff to my 5250 (and 3270) sessions such as helping to ensure that I never experienced inactivity timeouts. That app would hang around while I was doing work and become active if I was away for a while. It would then send some keystrokes on a regular basis, perhaps the <Home> key or similar, to make the session think it was still attended. I used this mostly for sessions to IBMLink I think because I liked to have it open all day. It's been years, but capabilities always seem to grow. Nowadays I can only imagine what _could_ be done -- screen-scraping passwords is perhaps the least of the risks. This aspect of security is one that green-screen apps rarely if ever address. I'm not sure of any decent way it even could be addressed by the green-screen app. It covers actions that might happen without the knowledge of the active user. The alternative aspect of security against actions taken by the active user is easier to anticipate and is what green-screen apps traditionally (historically rightly so) cover. I imagine that this is the aspect that is intended when green-screen security is touted over GUI and related access technology. iSeries Access emulation sessions are essentially GUI, even if the 24x80 and 27x132 sections of the window are rendered as characters. I suppose most emulators can be thought of similarly. Tom Liotta -- Tom Liotta The PowerTech Group, Inc. 19426 68th Avenue South Kent, WA 98032 Phone 253-872-7788 x313 Fax 253-872-7904 http://www.powertech.com __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
