Password Encryption in Client Access?

[Guest.Visitor]

Can somebody tell me if Client Access encrypts passwords or not? I know that we should not telnet over the internet because the passwords are not encrypted and are thus vulnerable to hackers. But what about plain vanilla client access? I am asking this question because an overseas friend just recently invited me to connect to his AS/400 via the internet using client access on a dial-up connection. According to him: 1. His company does not use any firewall. 2. His AS/400 is directly linked to the ISP via leased line. 3. He controls internet access by starting/stopping the TCP/IP Interface to his public address (via STRTCPIFC & ENDTCPIFC) at pre-set time schedules. 4. All his internet users always use Client Access so that their passwords are encrypted. I admit that my knowledge on this subject is nil, but I can't help feeling that something is not quite right with his setup.

[Guest.Visitor]

Ricardo, I can tell you that Client Access by itself will not encrypt anything. You must have Client Access Express and configure an SSL connection. If the AS/400 host administrator hasn't mentioned any of this then chances are you aren't connecting with SSL. As far as the dial up connection, you should be okay if you are directly dialing into the AS/400 itself. Or you are probably okay if you are dialing straight into the company intranet and then becoming part of the company LAN. If you are shooting from one ISP across the internet to another ISP then I would be very concerned about encryption. HTH Scott

[Guest.Visitor]

Thanks for the info. This was an ISP-to-ISP type connection. I will email a warning to him.