I was reviewing the code for the 5250 bridge demo when I came across an issue which should be looked into immediately. One thing the i5 is known for is being secure, the addition of a user profile which allows a user to gain access to the system by a third party application is not normal. I would suggest if you have installed the Zend 5250 Bridge Demo’s that you take the following actions to ensure your system is not compromised.
First of all you should set the password on the Z5250DEMO profile to a password of your liking. I would also suggest you set the initial menu to *SIGNOFF, this will stop anyone from returning to the main menu and having access to the system if they sign on to the system using the profile.
The next change is in the sign on script used by the demo application. There are a couple of copies but the one you are interested in resides in /usr/local/Zend/5250/demos and is called login.php. Open the file in Zend Studio or your favorite editor and make the following changes.
The changes I have made are to the input field for the password which was
Has now been changed to
I have also commented out the line which puts the password as a hidden field
When the demo is run now you will be prompted for the password of the Z5250DEMO user.
The above will secure your system again, I did try the demo and it worked as I expected. However when I signed onto the system through the normal green screen using Z5250DEMO I was able to get back to a command line and the main menu!
If you have any questions about what I have done or why I have done it please let me know...