|
Apparently there are the following:
FTPS (not in use here and no plans)
SFTP
FTP (plain)
FTP (with encrypted authentication)
We're getting a security ding because we still have a few people using
plain ftp without even the encrypted authentication.
Apparently the big concern is that, even if you feel the data being
transferred does not really need to be secured (perhaps you only download
company brochures for example) you should encrypt the user id and password
used to log into the ftp site. And, yes, our site has users other than
anonymous and data other than company brochures.
It's a simple change of the parameter in Go Anywhere to "Force Encrypted
Authentication".
My concern is that will change the behavior of many clients and stop them.
Our biggest exchange is another lpar using plain scripted ftp from IBM i.
Would I have to change that to use SECCNN(*IMPLICIT) on the FTP command?
Do I have to set up something else on the client, like store a certificate
or something or is that just done automatically?
IDK what clients our other partners are using. If, for example, they are
using the PC DOS command line's ftp client, I don't see a parameter on
that ftp command to match SECCNN(*IMPLICIT). If they use a browser for
their ftp client will that handle this?
Some clients may be ok. I think the default on FileZilla is "Use explicit
FTP over TLS if available".
I probably could get us excepted from this ding, but if it can be done
without any disruption I'd like to appear as working with them.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.