Can somebody tell me if Client Access encrypts passwords or not? I know that we should not telnet over the internet because the passwords are not encrypted and are thus vulnerable to hackers. But what about plain vanilla client access? I am asking this question because an overseas friend just recently invited me to connect to his AS/400 via the internet using client access on a dial-up connection. According to him: 1. His company does not use any firewall. 2. His AS/400 is directly linked to the ISP via leased line. 3. He controls internet access by starting/stopping the TCP/IP Interface to his public address (via STRTCPIFC & ENDTCPIFC) at pre-set time schedules. 4. All his internet users always use Client Access so that their passwords are encrypted. I admit that my knowledge on this subject is nil, but I can't help feeling that something is not quite right with his setup.