|
Great point. ÂI'll have to code that fix. If NetIQ had the flexibility that I needed I'd use it in a heartbeat. ÂBut it doesn't support passwords more than 10 characters. ÂAnd several other tricks that we've done over the years, (like a second file really means process the first). Rob Berendt -- Group Dekko Services, LLC Dept 01.073 PO Box 2000 Dock 108 6928N 400E Kendallville, IN 46755 http://www.dekko.com |-----------------------------+-------------------------------------------| | "Kurt Goolsbee" | | | <kurt.goolsbee@xxxxxxxxxxx| | | om> | To| | Sent by: | "'Midra| | midrange-l-bounces@midrang| nge | | e.com | Systems| | | Technic| | 08/11/2004 05:09 PM | al | | | Discuss| | Please respond to | ion'" | | Midrange Systems | <midran| | Technical Discussion | ge-l@mi| | <midrange-l@xxxxxxxxxxx| drange.| | m> | com> | | | cc| | | | | | Fax to| | | | | | Subject| | | RE: IFS| | | directo| | | ry | | | visibil| | | ity | | | from | | | FTP | | | | | | | | | | | | | | | | | | | |-----------------------------+-------------------------------------------| Just make sure that you donât enforce this with a simple compare of the first x bytes of the path - you have to resolve the dots. ÂFor instance, if Fred can get to "/home/fred" don't just check that the request path starts with "/home/fred" because you can pass the check by using mget "/home/fred/../../qsys.lib/production.lib/payroll.file/*.mbr" This is also a good test to see how good a commercial exit point package is. I know that NetIQ (formerly PentaSafe) will pass the test but I'm not so sure about all of the offerings that are being marketed. Kurt TriAWorks, Inc. -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx Sent: Wednesday, August 11, 2004 4:24 PM To: Midrange Systems Technical Discussion Subject: Re: IFS directory visibility from FTP What I often do is have the user go directly into a subdirectory via my exit point program. ÂThen I set it up so they can only upload from one directory, and download from another. ÂThey so much as try a CD or a DIR to a directory that's not down from one of those two, and it rejects the request. Rob Berendt -- Group Dekko Services, LLC Dept 01.073 PO Box 2000 Dock 108 6928N 400E Kendallville, IN 46755 http://www.dekko.com |-----------------------------+-------------------------------------------| |  "James H H Lampert"    |                      | |  <jamesl@xxxxxxxxxxx>   Â|                      | |  Sent by:         Â|                     To| |  midrange-l-bounces@midrang|                  <midrang| |  e.com           |                  e-l@midr| |               |                  ange.com| |  08/11/2004 04:13 PM    |                  >    | |               |                     cc| |     Please respond to  |                      | |     Midrange Systems  Â|                   Fax to| |    Technical Discussion Â|                      | |   Â<midrange-l@xxxxxxxxxxx|                  ÂSubject| |        Âm>      |                  IFS   | |               |                  director| |               |                  y    | |               |                  visibili| |               |                  ty from | |               |                  FTP   | |               |                      | |               |                      | |               |                      | |               |                      | |               |                      | |               |                      | |-----------------------------+-------------------------------------------| Is it possible to hide IFS directories that the user doesn't have access to, so they don't appear when listing the directory from FTP? -- JHHL -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
