I got an email recently (EVERYTHING has been changed to protect the
guilty):
Subject: Feed replacement
Attached is the current Data file.
The file is ftp’d hourly to the following location:
ftp
open 10.1.10.2
username: PHONEY123
password: PHONEY123
cd PHONEY123.CEA1
get DATA.FILE
I recognize the IP address as a VM system, so what this person has just
done is send me the userid and password of a VM userid. That, of course,
is against our information security rules. Before I complain though, I
wish I could offer an alternative.
1. We have anonymous FTP turned off, again by information security rules.
Even if we turned it on, this person would not be happy, since he/she doe
s
not want to make the data available to everyone. (Although of course
sending the password in email might have that effect.)
2. The reason for making it available by FTP is that it needs to be
accessed from outside of VM. (z/OS, Unix, or a PC.)
3. The file is very large. They could not send it out via email; it would
be stripped off by our message limit.
4. They could put it on a web page. But there are userid and password
requirements there, also.
What do other shops do to make large VM files available to a limited
audience without sending out a password? (FTP or not.)
Alan Ackerman
Alan (dot) Ackerman (at) Bank of America (dot) com
