|
Just make sure that you don?t enforce this with a simple compare of the first x bytes of the path - you have to resolve the dots. For instance, if Fred can get to "/home/fred" don't just check that the request path starts with "/home/fred" because you can pass the check by using mget "/home/fred/../../qsys.lib/production.lib/payroll.file/*.mbr" This is also a good test to see how good a commercial exit point package is. I know that NetIQ (formerly PentaSafe) will pass the test but I'm not so sure about all of the offerings that are being marketed. Kurt TriAWorks, Inc. -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx Sent: Wednesday, August 11, 2004 4:24 PM To: Midrange Systems Technical Discussion Subject: Re: IFS directory visibility from FTP What I often do is have the user go directly into a subdirectory via my exit point program. Then I set it up so they can only upload from one directory, and download from another. They so much as try a CD or a DIR to a directory that's not down from one of those two, and it rejects the request. Rob Berendt -- Group Dekko Services, LLC Dept 01.073 PO Box 2000 Dock 108 6928N 400E Kendallville, IN 46755 http://www.dekko.com |-----------------------------+-------------------------------------------| | "James H H Lampert" | | | <jamesl@xxxxxxxxxxx> | | | Sent by: | To| | midrange-l-bounces@midrang| <midrang| | e.com | e-l@midr| | | ange.com| | 08/11/2004 04:13 PM | > | | | cc| | Please respond to | | | Midrange Systems | Fax to| | Technical Discussion | | | <midrange-l@xxxxxxxxxxx| Subject| | m> | IFS | | | director| | | y | | | visibili| | | ty from | | | FTP | | | | | | | | | | | | | | | | | | | |-----------------------------+-------------------------------------------| Is it possible to hide IFS directories that the user doesn't have access to, so they don't appear when listing the directory from FTP? -- JHHL -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
