Re: FTP Exit pgms -- MIDRANGE-L

Jamie,

If you are into writing your own FTP exit programs you can check out
some examples in a couple of places. The AS/400 FTP reference manual
will have some examples (this should be on your AS/400 softcopy CD). The
last time I looked there were also some examples on the AS/400 web site.
Search for "exit point" and you should find them.

If you are interested in a commercial product that already does what you
want take a look at our Alliance FTP Security product:
http://www.patownsend.com

Patrick

Jamie Pratt wrote:
> 
> Hi everyone... - since the subject of FTP seems to have popped up
> again, I was wondering if anyone could offer any help on these exit
> pgm animals.
> 
> Here is the current situation (and problem!):
> 
> We have all our normal users using a group profile, which apparently
> was set up like this long ago, as I understand it. It was (still is) a
> menu-driven security type of setup, built long before the days of
> TCP/IP on the 400, so not much care was taken in designing
> application/file security, and as a result, this group profile has
> full authority to all the data that (*change on objs, *all on dta??
> -- not sure exactly, "AS/400 object/file security" is not really my
> bag, but TCP/IP is, so that is why I have been asked to do this)
> resides in files in all our prod libs. ---- Not good at all in the FTP
> world, I know, I know, and have let them know of this (huge!) security
> hole many times before.  (Worse, this system does not have any
> auditing on (as far as I can tell, anyways... like I said, security
> really isnt my bag!), so probably noone would even know who trashed
> these files if it were to happen via FTP by one of these group
> members!!)
> 
> I really need to somehow restrict certain FTP subcommands on certain
> libs, as well as restrict access to certain libs altogether for all
> members of this group profile.    As I see it now, you can only
> retrieve the *USRPRF within the exit pgm..... (actually it's an input
> parm, but you know what I mean!..)  .... I would hate to have to code
> hundreds of usrprfs in there, just to restrict certain access to all
> members of this group!!   Also, since all the  *usrprfs within this
> group start with different letters (i.e. SMITHJ, JONESH,RICHARDSL,
> etc, etc),  I cannot simply %SST the &USRPRF variable to check for
> certain strings within the exit pgm --- which I imagaine would work
> great, if all the profiles started with the same couple letters!...
> 
> Any ideas?  I'm thinking now that maybe by calling another pgm within
> the exit pgm, to check the profile may be possible somehow?  (OK, I
> admit, I've only been writing CLP for a few months, and I havent yet
> taken RPG (next semester hopefully!!)
> 
>  (BTW - I'm speaking of the TCP/IP FTP Server Logon exit, and the
> other is the FTP Server Request Validation exit  (V4R3)
> 
> Thanks
> jamie
> 
> PS sorry to write so much, ... I think I may have drank too much
> coffee today!!  ;-)
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---

-- 
IBM AS/400 communications, FTP automation, and network security
software and consulting services.

http://www.patownsend.com

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---