|
Speaking strictly for myself (and intending to send a few notes on this), I believe the correct behavior in this situation is for the FTP server to determine if proper authorization exists for the client (that is, proper authority to the library etc.) and then having the server adopt whatever authority is necessary for it to provide the function. In its current implementation, this could be adopting authority sufficient to run QSYS/CRTPF (but as this usage of CRTPF is not documented (that I can find) it should be transparent to the user). The end user interface should remain the same from one release to another. Bruce Vining > >I don't know what we're disagreeing on - what you said is exactly the >point I was making. IBM should _NOT_ be using CRTPF - especially not the >QSYS qualified version - for the FTP PUT command. It _IS_ a security >loophole, and one that was introduced somewhere between V3R2 and V4R2. >But I _WOULD_ expect that the interface (from the FTP client's point of >view) remains the same from one release of OS/400 to the next. > +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
