[Info-vax] What to do with my VAX.....

seasoned_geek roland at logikalsolutions.com
Fri Nov 20 20:18:12 EST 2020


On Friday, November 20, 2020 at 6:52:07 PM UTC-6, Arne Vajhøj wrote:
> On 11/20/2020 7:35 AM, seasoned_geek wrote: 
> > On Wednesday, November 11, 2020 at 6:16:54 PM UTC-6, Arne Vajhøj 
> > wrote: 
> >> On 11/11/2020 11:52 AM, seasoned_geek wrote: 
> >>> Even when one has a firewall in a router, PASSTHROUGH PORTS ARE 
> >>> ENABLED for many things. 
> >> Hopefully all ports inbound are closed. 
> > 
> > They generally cannot be.
> Of course they can. 

No. They can't if things are to get through.

> > Nobody said it was data validation. It is protection. By itself it 
> > stops 100% of the data overrun exploits

> Actually it enables data overrun exploits if the code is bad. 
> 
> Data overruns are a fixed length format problem only.

MY GOD, QUIT TYPING!!!

You have never worked with WebSphere or any of the other message translation sacrificial machine on the Internet tools. I have. That's a physical impossibility. It's a physical mapping. X number of bytes from this tag in this spot. It's the exact same engine for everything.

> Have you ever read anything about SQL injection? 
> 
> 35 characters is more than sufficient for many cases of SQL injection.

Not when one has competent developers and has a tool like WebSphere (or one of its competitors) creating fixed length messages that are ultimately being processed by COBOL via SQLmod from within an ACMS server, no, 35 is not enough because the code set doesn't allow anything through.

Now, if you are a Java programmer who knows nothing about large scale corporate systems then one byte is probably enough to knock your code over.



> Given that the wikipedia article use the same definition and 
> that other people here also use that definition, then it is 
> obviously not my definition. 

Absolutely anyone can edit Wikipedia. Did you quick run out and put your own definition in there?
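
Added example, not part of the original post or of any product named in it: a sketch of the two mechanisms argued over in this thread, a positional fixed-length field mapping (35-byte field) and the way the mapped field then reaches SQL. The record layout, table, messages and function names are constructed for illustration; sqlite3 stands in for the database, and the bound-parameter query is assumed here as the analogue of precompiled static SQL.

```python
import sqlite3

FIELD_LEN = 35  # field width discussed in the thread
# Constructed layout: 8-byte account id followed by a 35-byte name field.
LAYOUT = {"acct": (0, 8), "name": (8, 8 + FIELD_LEN)}
RECORD_LEN = 8 + FIELD_LEN


def map_record(raw: bytes) -> dict:
    """Cut a message into fields purely by position; bytes past the record are dropped."""
    record = raw.ljust(RECORD_LEN)[:RECORD_LEN]
    return {name: record[a:b].decode("ascii", "replace").rstrip()
            for name, (a, b) in LAYOUT.items()}


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (acct TEXT, name TEXT)")
    db.executemany("INSERT INTO customer VALUES (?, ?)",
                   [("00000001", "ALICE"), ("00000002", "BOB")])
    return db


def lookup_static(db, fields):
    """Statement text is fixed; the mapped field travels only as a bound value."""
    sql = "SELECT acct FROM customer WHERE name = ?"
    return db.execute(sql, (fields["name"],)).fetchall()


def lookup_concat(db, fields):
    """Deliberately unsafe contrast: the mapped field becomes part of the statement text."""
    sql = "SELECT acct FROM customer WHERE name = '" + fields["name"] + "'"
    return db.execute(sql).fetchall()


# Constructed messages: a normal one, one with quote characters, one oversized.
BENIGN = b"00000001" + b"ALICE".ljust(FIELD_LEN)
QUOTED = b"00000001" + b"x' OR '1'='1".ljust(FIELD_LEN)
OVERLONG = b"00000001" + b"A" * 500

if __name__ == "__main__":
    db = make_db()
    for label, msg in (("benign", BENIGN), ("quoted", QUOTED), ("overlong", OVERLONG)):
        f = map_record(msg)
        print(label, len(f["name"]), lookup_static(db, f), lookup_concat(db, f))
```

The positional mapping caps the oversized field at 35 bytes. Whether the quoted field changes the query depends on how the field reaches the SQL layer, not on its length.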


