Category Archives: Miscellaneous

HTTPOXY vulnerability on IBM i

If you’re not up to date with security PTFs you will want to read the following security bulletin from IBM:

It relates to the HTTPOXY vulnerability in the HTTP server, and there are PTFS for Releases 6.1, 7.1, and 7.2.

BCD products that use the HTTP server include WebSmart, Clover, Presto, and Nexus.

As always, contact our support department if you have any questions or concerns,

Marc Hunter

RC4 “Bar Mitzvah” attack for SSL/TLS

We came across this article from IBM addressing the issue regarding RC4 vulnerability in SSL/TLS protocol:

The page has instructions on how to disable the weak RC4 ciphers for the IBM i. We recommend checking out the article in order to make sure your Clover, Nexus, Presto and WebSmart ILE/PHP Apache servers with SSL enabled are secured.

Code Snippets for PHP, JavaScript and ILE

Yesterday we added a folder to the consulting SVN repository to store code snippets in ( Code Snippets). There are already a few snippets in there. The purpose is of course easier sharing and accessibility to reusable code. And all the advantages of subversion, e.g. tracking changes.

Please feel free to add any of your code snippets to this folder and/or improve existing snippets.

The following scripts/functions/files are already there:

  • ILE
    • A search and replace function, that scans a text file for place holders and replaces those with any text. WebSmart 8.8 required with local variables and function parameters enabled.
  • JavaScript
    • A print_r/var_dump function that I found on a website. It’s similar to PHPs print_r/var_dump
    • jQuery Plugins: autoSubmit and elapsedTime. I wrote these two scripts. The autoSubmit plugin submits a form when a maximum defined number of characters is reached. The elapsed Time outputs a simple timer, I found the plugins out there too complicated for what I wanted to do. The autosubmit is used for two touch screen applications that we developed, Skechers and Cleveland Gear.