Why do you think that FTP is any more of a security issue than a web server 
that allows downloading the same files? In either case you need appropriate 
security controls.

Actually, there are far more security issues with the WWW infrastructure than 
there ever were with FTP.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of 
ITschak Mugzach <imugz...@gmail.com>
Sent: Tuesday, May 28, 2019 3:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Fwd: Just how secure are mainframes? | Trevor Eddolls

FTP in general is a bad idea. Data should have a single, well-protected
copy. IBM moves to REST APIs (zosmf, but can be used natively). Again,
they need to be protected.

ITschak

On Tue, May 28, 2019, 21:51, John McKown <john.archie.mck...@gmail.com> wrote:

> On Tue, May 28, 2019 at 12:46 PM Farley, Peter x23353 <
> peter.far...@broadridge.com> wrote:
>
> > Ray,
> >
> > PMFJI here, but as a regular application programmer (not a sysprog) I do
> > not understand how the FTP JES option allowed is a configuration
> > vulnerability.
> >
> > Isn't the FTP JES option one of the ways that the IBM z/OS and CICS
> > Explorer Eclipse-based products (and maybe other ISV Eclipse GUI's)
> > provide to let you submit and review the results of compile and program
> > test and bundle transmission jobs? If my FTP submitted jobs must have
> > my userid+1 as the job name and my userid access is properly controlled
> > by the ESM, how is that vulnerable?
> >
> > IOW, how is FTP JES submission any different from TSO SUBMIT?
> >
> > Peter
> >
>
>
> I was wondering the same thing. The only thing that comes to mind is that
> more non-z/OS people know how to use ftp than tn3270. And using tn3270 to
> get to TSO to use SUBMIT requires the RACF ID to have a TSO segment. So, in
> effect, you can stop non-TSO people, who need to upload or download data,
> from submitting jobs. Assuming that such people know how to code JCL and
> issue the correct SITE command to submit to JES rather than upload into a
> data set / UNIX file.
>
> --
> This is clearly another case of too many mad scientists, and not enough
> hunchbacks.
>
>
> Maranatha! <><
> John McKown
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
