Ftp in general is a bad idea. Data should have a single, well protected
copy.  ibm moves to REST APIs (zosmf, but can be used natively). Again,
they need to be protected.

ITschak

בתאריך יום ג׳, 28 במאי 2019, 21:51, מאת John McKown ‏<
[email protected]>:

> On Tue, May 28, 2019 at 12:46 PM Farley, Peter x23353 <
> [email protected]> wrote:
>
> > Ray,
> >
> > PMFJI here, but as a regular application programmer (not a sysprog) I do
> > not understand how the FTP JES option allowed is a configuration
> > vulnerability.
> >
> > Isn't the FTP JES option one of the ways that the IBM z/OS and CICS
> > Explorer Eclipse-based products (and maybe other ISV Eclipse GUI's)
> provide
> > to let you submit and review the results of compile and program test and
> > bundle transmission jobs?   If my FTP submitted jobs must have my
> userid+1
> > as the job name and my userid access is properly controlled by the ESM,
> how
> > is that vulnerable?
> >
> > IOW, how is FTP JES submission any different from TSO SUBMIT?
> >
> > Peter
> >
>
>
> I was wondering the same thing. The only thing that comes to mind is that
> more non-z/OS people know how to use ftp than tn3270. And using tn3270 to
> get to TSO to use SUBMIT requires the RACF ID to have a TSO segment. So, in
> effect, you can stop non-TSO people, who need to upload or download data,
> from submitting jobs. Assuming that such people know how to code JCL and
> issue the correct SITE command to submit to JES rather than upload into a
> data set / UNIX file.
>
> --
> This is clearly another case of too many mad scientists, and not enough
> hunchbacks.
>
>
> Maranatha! <><
> John McKown
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to