Not the problem described, but from my experience, programs developed for the 3270
user interface are face-lifted using brokers, bridges and other
middleware. The three-tier design, where some of the field verification was done
by MFS and maps and is not handled any more, and the validation was planned
for printable characters only. So, for example, a DOS attack against your
transaction server (or access to data using SQL injection) can be easily
conducted.

But the truth must be said: poor input verification can be done on any
platform in any language.

ITschak

On Fri, Mar 17, 2017 at 9:46 PM, Paul Gilmartin <
[email protected]> wrote:

> On Fri, 17 Mar 2017 14:32:13 -0500, John McKown wrote:
> >
> >> > On Mar 17, 2017, at 9:09 AM, Dyck, Lionel B. (TRA) wrote:
> >> >
> >> > It's not the LA that is the problem - it is the conditional branch
> >> > instructions that don't have the common sense not to branch where they
> >> > shouldn't :-)
> >
> >Yeah. The hardware designers should have made an "eXecute" bit to go along
> >with the other "metadata" bits (such as key and change) so that
> >attempting to branch to a frame which is not marked "eXecute" would cause
> >an exception. But even that doesn't help since you could still "wild
> >branch" into a code sequence. Maybe we should just all go to the IBMi
> >series. Lots of really advanced ideas in that box.
> >
> Some systems (TOPS-10?) have had that and an execute-only bit, used for
> IP protection.  You could branch to it, but not fetch from it.  Nor dump
> it.
>
> You can't store into a REFR program (if REFRPROT is enabled), but you can
> still branch to a writeable frame.  Some conflict with JIT recompilation.
>
> -- gil
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>



-- 
ITschak Mugzach
IronSphere Platform | An IT GRC for Legacy systems | Automated
Security Readiness Reviews (SRR)
