Ftp in general is a bad idea. Data should have a single, well protected copy. ibm moves to REST APIs (zosmf, but can be used natively). Again, they need to be protected.
ITschak בתאריך יום ג׳, 28 במאי 2019, 21:51, מאת John McKown < [email protected]>: > On Tue, May 28, 2019 at 12:46 PM Farley, Peter x23353 < > [email protected]> wrote: > > > Ray, > > > > PMFJI here, but as a regular application programmer (not a sysprog) I do > > not understand how the FTP JES option allowed is a configuration > > vulnerability. > > > > Isn't the FTP JES option one of the ways that the IBM z/OS and CICS > > Explorer Eclipse-based products (and maybe other ISV Eclipse GUI's) > provide > > to let you submit and review the results of compile and program test and > > bundle transmission jobs? If my FTP submitted jobs must have my > userid+1 > > as the job name and my userid access is properly controlled by the ESM, > how > > is that vulnerable? > > > > IOW, how is FTP JES submission any different from TSO SUBMIT? > > > > Peter > > > > > I was wondering the same thing. The only thing that comes to mind is that > more non-z/OS people know how to use ftp than tn3270. And using tn3270 to > get to TSO to use SUBMIT requires the RACF ID to have a TSO segment. So, in > effect, you can stop non-TSO people, who need to upload or download data, > from submitting jobs. Assuming that such people know how to code JCL and > issue the correct SITE command to submit to JES rather than upload into a > data set / UNIX file. > > -- > This is clearly another case of too many mad scientists, and not enough > hunchbacks. > > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
