Tommy,
Do you try some of the stuff you recommend? :-)
Someone who is disabled cannot use ftp. I just tried it. Soon as I ran
CHGUSRPRF USRPRF(DUMMY) STATUS(*ENABLED) they were able to ftp.
INLMNU(*SIGNOFF) isn't a bad idea.
LMTCPB(*YES) is probably a good idea unless that user profile needs to
fire off commands from ftp like QUOTE RCMD ...
IBM only started respecting LMTCPB with ftp some releases back. ODBC and
others still don't restrict commands based on the value of LMTCPB.

Is anonymous ftp really that bad? Think about it. There's probably a
million sites that support it. Including IBM. The big thing about ftp is
to NOT allow upload and download from the same directory. That's what the
hackers are looking for. We have different directories for upload from
download. What's the thrill of putting naughty stuff or music on a site
if you can never retrieve them - ever? Can you do a DOS attack? Probably
but, again, there are techniques (remember, lots of anonymous ftp is out
there). When you use FTP your exit point takes the anonymous id and
assigns it to a real id. That real id can have a MAXSTG assigned to it.
Maybe anonymous ftp is more secure? After all, can you use that same
anonymous id for 5250, ODBC, etc? Not unless you specifically grant it
with exit points. However, can you use a regular WRKUSRPRF id for all
those applications? Yes, unless you specifically DENY it with exit
points. The outside people who use our ftp site are not given id's that
you can find with WRKUSRPRF. They are given id's that are mapped to an id
(or id's) that you can find with WRKUSRPRF. So you could sign on as
tommy@xxxxxxxxxxxxx with some assigned password and that might be mapped
to XYZ00001.


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.