RE: Secure coding practices 5250 DDS

[Roger Harman <roger.harman@xxxxxxxxxxx>]

Don't forget PC Support/38 and shared folders....



-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Frank Kolmann
Sent: Thursday, March 4, 2021 7:18 PM
To: rpg400-l@xxxxxxxxxxxxxxxxxx
Subject: Re: Secure coding practices 5250 DDS

Speak for yourself.  Most beloved 5250 terminals, from a security 
viewpoint.  Hated by the security violators.
IBM charged so much for a colour terminal that, for the same price one 
could buy 3 PCs with emulator cards that had colour screens.

In the early days I experienced a PC that someone played a game from a 
floppy disk, PC got hit by a virus then the virus got onto the IFS and 
from there onto other PCs.
I had an application that transferred spreadsheet data between PCs using 
the IFS.

Never had such a security issue with 5250 monitors, biggest problem was 
people using sticky notes on the monitor showing their password.

I know this has not much to do with RPG, having said that, the inbuilt 
security of the S38 and AS400 and 5250 terminals meant that one had much 
less concern with secure RPG coding practices.

Perhaps this is a clue on how to engineer secure hardware and let the 
RPG coders concentrate on the real business issues.

  Resurrect the S38.

Frank


On 05/03/2021 5:44 am, Peter Dow wrote:
> Depending on the given environment and middleware you're using, you 
> may count on that to prevent invalid input. In the IBM i context, funnily,
> the probably most hated is also the most secure one: 5250 DDS *DSPF or 
> Panel Groups limit possible characters and maximum lengths.
> Perhaps it is possible to construct a 5250 response with a specially 
> crafted emulator to overcome such limits.
> I don't know 5250 at this level. Web input has a lot less limitations 
> and thus opens up much more possibilities.