However, several of us do 12/20 oz Curls from time to time.
But to answer the various questions -- "WE" do not allow FTP
through our firewalls (like I really had to say this?).
And thank you Charles, I am addressing a very specific problem
and "we" did discuss some of the security issues.
Mind you all, I once was part of Connect:Direct for z/OS
development. So I have a bit more knowledge of some of the issues
than I thought needed to be disclosed or discussed.
Again, solving a specific problem for a specific situation.
And to answer the bulleted questions: It was pointed out to me
that I would have to recognize the environment wherein this FTP
front-end would get invoked in order to handle things correctly.
Something which I was already having concerns with/about.
Regards,
Steve Thompson
On 08/19/2015 12:14 PM, Charles Mills wrote:
Your points are all valid but in this case the OP has a specific problem of
auditing his production jobs. My guess is that his production does not know how
to spell curl.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Paul Gilmartin
Sent: Wednesday, August 19, 2015 8:55 AM
To: [email protected]
Subject: Re: AW: Q: FTP Exits
On Wed, 19 Aug 2015 10:50:46 -0400, Steve Thompson wrote:
And "interesting things" primarily requires writing a module with the
name (or Alias) of FTP, going a validation of the PARM data and/or the
contents of the INPUT dd, and then invoking FTP via an IBM provided
alias, etc.
And what prevents a user's invoking FTP directly via that "IBM provided alias"
in order to bypass validation? Security by obscurity?
Does the scheme work alike for FTP invoked:
o As a batch job step?
o As a TSO command?
o As a UNIX shell command/
Do browsers and Curl participate in this scheme or do they have internal FTP
interfaces which woulc likewise need to be modified?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
