|
Hi everyone... - since the subject of FTP seems to have popped up again, I was wondering if anyone could offer any help on these exit pgm animals. Here is the current situation (and problem!): We have all our normal users using a group profile, which apparently was set up like this long ago, as I understand it. It was (still is) a menu-driven security type of setup, built long before the days of TCP/IP on the 400, so not much care was taken in designing application/file security, and as a result, this group profile has full authority to all the data that (*change on objs, *all on dta?? -- not sure exactly, "AS/400 object/file security" is not really my bag, but TCP/IP is, so that is why I have been asked to do this) resides in files in all our prod libs. ---- Not good at all in the FTP world, I know, I know, and have let them know of this (huge!) security hole many times before. (Worse, this system does not have any auditing on (as far as I can tell, anyways... like I said, security really isnt my bag!), so probably noone would even know who trashed these files if it were to happen via FTP by one of these group members!!) I really need to somehow restrict certain FTP subcommands on certain libs, as well as restrict access to certain libs altogether for all members of this group profile. As I see it now, you can only retrieve the *USRPRF within the exit pgm..... (actually it's an input parm, but you know what I mean!..) .... I would hate to have to code hundreds of usrprfs in there, just to restrict certain access to all members of this group!! Also, since all the *usrprfs within this group start with different letters (i.e. SMITHJ, JONESH,RICHARDSL, etc, etc), I cannot simply %SST the &USRPRF variable to check for certain strings within the exit pgm --- which I imagaine would work great, if all the profiles started with the same couple letters!... Any ideas? I'm thinking now that maybe by calling another pgm within the exit pgm, to check the profile may be possible somehow? (OK, I admit, I've only been writing CLP for a few months, and I havent yet taken RPG (next semester hopefully!!) (BTW - I'm speaking of the TCP/IP FTP Server Logon exit, and the other is the FTP Server Request Validation exit (V4R3) Thanks jamie PS sorry to write so much, ... I think I may have drank too much coffee today!! ;-) +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
