Re: Reduce large amount of logicals in SUBFL pgm, take in another direction -- RPG400-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: Re: Reduce large amount of logicals in SUBFL pgm, take in another direction
From: Pete Helgren <pete@xxxxxxxxxx>
Date: Wed, 03 Aug 2011 08:50:36 -0600
List-archive: <http://archive.midrange.com/rpg400-l>
List-help: <mailto:rpg400-l-request@midrange.com?subject=help>
List-id: RPG programming on the IBM i / System i <rpg400-l.midrange.com>
List-post: <mailto:rpg400-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=unsubscribe>

Excellent point Charles! SSL would buy some security but server side validation is about the only "guarantee" that data was properly scrubbed before committing. I'll have to give some thought to mitigation on tn5250j. Perhaps some ESAPI implementation can help there.

Pete Helgren
Value Added Software, Inc
www.asaap.com
www.opensource4i.com

On 8/3/2011 6:37 AM, Charles Wilt wrote:

I'm not even sure 5250 saves us...consider what a hacker could do with
the TN5250J project...

One of the issues with web apps, is that you have to assume that a
hacker can get around any client side validation. Well guess what,
with access to emulator code, the same applies to 5250. The DDS
VALUES() keyword is only a guarantee if all you have are twinax
terminals...

Charles

On Tue, Aug 2, 2011 at 7:54 PM, Pete Helgren<pete@xxxxxxxxxx> wrote:

My eyes were opened wide when I saw what a hacker can do
with an insecure web app, fortunately, we still live in a (mostly) 5250
world...

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.