× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 1998

RE: FTP server authority issue

  • Subject: RE: FTP server authority issue
  • From: Tim McCarthy <TimM@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 20 Oct 1998 11:22:38 -0400
 
Bruce, if you come across any further info on this I would really
appreciate a copy. The customer is somehow holding me responsible for
this quirk (because they use our FTP client product) and no amount of
explaining seems to convince them that this is a server issue - frankly
they don't understand the difference between the client and server
functions anyway, and hey maybe they shouldn't have to.

Thanks. 

> -----Original Message-----
> From: bvining@VNET.IBM.COM [SMTP:bvining@VNET.IBM.COM]
> Sent: Tuesday, October 20, 1998 9:51 AM
> To:   MIDRANGE-L@midrange.com
> Subject:      FTP server authority issue
> 
> Speaking strictly for myself (and intending to send a few notes on
> this), I believe the correct behavior in this situation is for the FTP
> server to determine if proper authorization exists for the client
> (that
> is, proper authority to the library etc.) and then having the server
> adopt whatever authority is necessary for it to provide the function.
> 
> In its current implementation, this could be adopting authority
> sufficient to run QSYS/CRTPF (but as this usage of CRTPF is not
> documented (that I can find) it should be transparent to the user).
> The
> end user interface should remain the same from one release to another.
> 
> Bruce Vining
> 
> >
> >I don't know what we're disagreeing on - what you said is exactly the
> >point I was making. IBM should _NOT_ be using CRTPF - especially not
> the
> >QSYS qualified version - for the FTP PUT command. It _IS_ a security
> >loophole, and one that was introduced somewhere between V3R2 and
> V4R2.
> >But I _WOULD_ expect that the interface (from the FTP client's point
> of
> >view) remains the same from one release of OS/400 to the next.
> >
> 
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
> MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
> david@midrange.com
> +---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.