Genie Underlying Structure and Security
Genie is a web based modernization tool served by the IBM/Apache Web server.
Genie offers access to a 5250 session through a web browser. Because the browser is a graphical environment it can render the screens using many of the modern input controls. An input field can be represented as a text box, select box, radio button, checkbox or any other html input control. Output fields and input fields can be rendered anywhere on the page, hidden from view or assigned numerous style properties such as color, font type, letter spacing etc. Genie can provide automation of keystrokes that the underlying program running in the 5250 session is expecting such as the Enter Key, Function Keys or Page Up/Down keys and can pre-fill certain input fields if required.
It is important to understand that even though the browser version of the 5250 screen may look very different from the original, it is still a 5250 session and the same security considerations apply.
The apache web server used by Profound UI Genie has been configured in such a way that only 5250 sessions and Rich Display File applications created with Profound UI are available. No other access is possible except for SQL which is addressed below.
The Apache web server is extremely secure. There is no known way to hack into or bypass the security of this server. The Apache server is supplied, recommended and supported by IBM.
Some 5250 input fields can be replaced with an alternative that is more user friendly. One example is a select box where a user chooses an option from a list instead of manually entering text. These input controls may need to access database files on the i5 in order to load the options and SQL can be used retrieve this data. Care must be taken to properly secure the SQL functionality using standard i5 OS user/group profiles. SQL can be disabled if required.
All of these modernization techniques are cosmetic because the underlying application (usually legacy RPG applications, but in fact can be any application) is still running, displaying the same screens and accepting the same input fields in the 5250 session as they were originally designed to do. Genie cannot change the operation of these underlying programs. It is still displaying and providing input to a 5250 session and can only change the way output screens are displayed and how input fields are represented and populated.
All of the vulnerabilities of a 5250 telnet session also exist in a web served 5250 session.
Communication between the i5 and the existing telnet session is by default in plain text. This includes the userid and password. If a telnet session is to be used outside of a private network, it should be configured to encrypt the session data. The same considerations apply to Genie. All network traffic between a browser and the i5 web server is in plain text by default. If Genie is to be used outside of a private network, it too needs to encrypt the 5250 streams. This is achieved by using SSL. The i5/OS includes all software needed to run SSL, and Genie fully supports this.
RPG programs running on the i5 OS in a 5250 session using i5 user profiles and object authority is a time tested, robust interface used by millions of users worldwide. Genie is simply offering this same robust and secure 5250 session via the industry standard and IBM supported Apache web server.