c3270 -secure … isn't

[swhobbit]

I'm helping set up c3270 for anonymous public access, and thus examining c3270's secure mode. Problems include:

• less for functions like displaying the keymap is invoked without setting environment variable LESSSECURE=1
• The following functions which write to the local environment are enabled:
  • print screen
  • save screen images to printer
  • save input fields
  • help

Also, if the mouse is not enabled, it's impossible to exit the program unless the host drops the connection (which never happens if connected to a Hercules local port)

[pmattes]

I've got finer-grained security settings in wx3270, but x3270 and c3270 are still pretty primitive in this regard. I can certainly close the holes you mention, but getting disconnect/quit might be trickier.

Did you know that in the default keymap, Alt-q or Ctrl-a, q will exit the program? You could similarly add a mapping for Disconnect().

A more general solution, such as reinstating the c3270> prompt, but with restricted capabilities, would be a longer-term item. (And it wouldn't be all that much friendlier -- the user would have to know that Esc gets them to the prompt.)

[pmattes]

So (once I close the other holes), secure mode could look something like this: c3270 -secure -keymap secure -xrm 'c3270.keymap.secure: Escape: Quit(-force)' host:port

[swhobbit]

Actually Alt-Q should work, I just didn't know. As you noted, ESC to get the prompt is also secret information (unless you're old school enough to have used the original telnet.