David Gibbs wrote:
All you really need is a list of the procedures in the service program and the current signature, all these can be retrieved from the DSPSRVPGM command.
I was thinking more along the lines of binding the security into the bound program, not a service program. Can that same information be gotten from DSPPGM? Also, the signature isn't quite enough - you'd have to do a man-in-the middle attack, although that's pretty simple. Just write your own procedure with the same signature that calls the existing procedure, and record the inputs and outputs until you figure out how to respond affirmatively to a challenge.

Of course, that's why you pass in a randomly generated passphrase which the called routine encodes, and then compare that against your own internally encoded value. But I digress... <grin>


This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].