Hello Pete,

I think you are completely right in your interpretation. The SSL or VPN tunnel would encrypt all communication between the PC and the (web and AS400) server. If the user would popup the HTML source he would indeed see (his own?) userid and password.

The auto disconnect feature as you describe it would indeed do a signoff endcnn(*yes) as final command. For the Java part you would have to popup an applet or frame or whatever to create a session, launch it, add a session listener to it that closes on disconnection. I'll look into providing an example.

Wim.




Pete Helgren <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
16/06/2005 18:35
Please respond to: tn5250j-general@lists.sourceforge.net
To: tn5250j-general@lists.sourceforge.net
cc:
Subject: Re: [Tn5250j-general] Passing User ID and Password in Applet





Thanks to all.  You gave me much to think about....

Wim, I don't know much about SSL or how it is initiated but I thought that if you used SSL the stream was fully encrypted.  That is, if you are using SSL then the traffic that is passing over port 992 is encrypted, even the signon screen.  Is that the case?  Also, our HTML based menuing system can run in an HTTPS environment so executing the applet under HTTPS would encrypt the page I think, though if the user viewed the page source they would see the password in plain text, right?  The encryption is just used between the browser and the server.  The HTML as rendered by the browser is still in plain text. It *could* allow a user to view the source on another user's browser and see the password (at least I think this is possible).

I think I understand the applet ending routine that you currently have but since I don't work that closely with the internals of 5250 some of what you and Kenneth are saying is going over my head.  And I am still a relative rookie with Java so I need a bit more info and, if you can, a small snippet of code that demonstrates what you are talking about.  For example, when you say "wrap the command" and then use a signoff with a disconnect, are you saying that I could just have a CL program that has a call to whatever program we want to run (in fact, we already have this) and then at the end of the command use SIGNOFF ENDCNN(*YES)?  I think you also are saying that we need to add a sessionlistener to the applet code and then use that to trigger the navigation when the session is disconnected.  I am not familiar with using a sessionlistener but with an example I think I can figure it out (code examples are always helpful).

It sounds like that is the way to go.  Adding a SIGNOFF ENDCNN(*YES) should be easy enough but I need a little help with the sessionlistener logic.

Thanks! Now I just need to deal with the password issue and I think I have it.

Pete

BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003.  If you can't find it in the archives, I can send it to you.

[EMAIL PROTECTED] wrote:

Hello Pete,


I'm not quite sure why everybody makes a problem about the clear passwords. When you would send them encrypted, the emulator telnets to the AS/400 and what does he do in the first place: send your userid and password to the as/400. I think that these are in clear text also. The only solution would be to SSL or VPN your communication to your webserver and AS/400.


Next the autoclosing is fairly easy to implement using the autologin and scanning we have introduced in the emulator: when logging on you want to autostart a command. Let's call this the application command. What you can do is wrap this app command in your own shell command, e.g. start cmd('appcmd'). The start can do a few things like setting liblists etc. But its main purpose is to properly shut down the emulator. You can do this in 2 ways: do a signoff with disconnect. At the emulator side, you can attach a sessionlistener and have your applet navigate away from your page as the session gets disconnected. Or the start command can also trigger a scan code to the emulator: #! END so the applet can listen to this and perform an end of session. This way you can do a lot more than just ending.


Hope this helps,

Wim.



Pete Helgren <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
15/06/2005 21:06
To: TN5250J List <tn5250j-general@lists.sourceforge.net>
cc:
Subject: [Tn5250j-general] Passing User ID and Password in Applet







I had posted some of this about two years ago when I first started
working with the 5250 applet.  The problems that I had (and still have)
have to do with the passing of UserID and password in the clear when I
start an applet session.  Gaurav posted some code that has a servlet
that talks to the applet and passes the password back to it.  I think I
can follow the approach but wanted to know if anyone else had solved
this problem in a different way.

We have an HTML based menuing system that runs on the iSeries (under an
Apache web server).  The user logs in via an HTML login prompt and then
the menu(s) are generated from there.  Some of the menu items are HTML
based but some are 5250 apps and we launch them using tn5250j in an
applet.  We generate the HTML that launches the applet on the fly using
a template but so far we have had to pass the password in the clear, not
a good solution.  So, if you have any ideas that we could use to start
the applet without passing the password in the clear, I'd like to hear
about it.

We also have a need to end the application gracefully when the users are
done running the 5250 application.  Right now, we display a message that
says "Click the Exit link to end the program" and the user has to click
the link to end the session.  What I would like to do is have the applet
close when the 5250 application has ended automatically.  I am not sure
how to accomplish this since the 5250 session would have to "tell" the
applet to close....

I'd appreciate anyone's idea as to how to solve these two issues as
simply as possible.

Thanks,

Pete Helgren
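
One way to keep the password out of the generated applet HTML, along the lines of the servlet approach mentioned in the thread: the page carries a single-use, short-lived ticket that the applet redeems over HTTPS. This is an added example, not Gaurav's code and not part of tn5250j; the class name, the `ticket` applet parameter and the 30-second lifetime are assumptions, and it presumes the web application already holds the credentials from the HTML login.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side store: the generated HTML carries a ticket, never the password. */
public class LoginTicketStore {
    private record Entry(String user, char[] password, Instant expires) {}

    private final Map<String, Entry> tickets = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl;

    public LoginTicketStore(Duration ttl) { this.ttl = ttl; }

    /** Called while rendering the applet page for an already authenticated web user. */
    public String issue(String user, char[] password, Instant now) {
        byte[] raw = new byte[32];                 // 256 bits, not guessable
        rng.nextBytes(raw);
        String ticket = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tickets.put(ticket, new Entry(user, password.clone(), now.plus(ttl)));
        return ticket;
    }

    /** Called by the servlet the applet contacts over HTTPS; a ticket works once. */
    public Optional<String[]> redeem(String ticket, Instant now) {
        Entry e = tickets.remove(ticket);          // atomic removal: a replay finds nothing
        if (e == null || now.isAfter(e.expires())) return Optional.empty();
        return Optional.of(new String[] { e.user(), new String(e.password()) });
    }

    public static void main(String[] args) {
        LoginTicketStore store = new LoginTicketStore(Duration.ofSeconds(30));
        Instant t0 = Instant.now();
        // Constructed sample credentials, not taken from the thread.
        String ticket = store.issue("DEMOUSER", "demo-pass".toCharArray(), t0);
        System.out.println("<param name=\"ticket\" value=\"" + ticket + "\">");
        System.out.println("first redeem: " + store.redeem(ticket, t0.plusSeconds(2)).isPresent());
        System.out.println("replay:       " + store.redeem(ticket, t0.plusSeconds(3)).isPresent());
        String stale = store.issue("DEMOUSER", "demo-pass".toCharArray(), t0);
        System.out.println("after expiry: " + store.redeem(stale, t0.plusSeconds(31)).isPresent());
    }
}
```

Anyone who views the page source afterwards sees only a ticket that has already been spent. Tickets that are issued but never redeemed stay in the map in this sketch, so a real deployment would also purge expired entries.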

