× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2000

Re: FTP question

  • Subject: Re: FTP question
  • From: "Richard J. Serrano" <rjs@xxxxxxxxxxxx>
  • Date: Tue, 29 Feb 2000 17:06:47 -0800
  • Organization: Palace Guard software
 
Agreed: It does take a valid user id & password to log onto the AS/400 through 
FTP.
BUT, when 86% of theft or misuse of data is attributed to the "authorized user" 
with a valid
user id & password, they are more of a security threat than anyone cares to 
admit.

Disagree: Appropriate object authority to the file(s) being accessed is needed.
Using FTP, an authorized user has unabated access to ALL objects on the AS/400. 
Try it.
Set up a test profile, with a valid user id & password, but grant NO authority 
to anything on
the 400.
Then, use FTP through DOS, as outlined, and see what happens... Access to the 
whole enchilada...

Again, JMHO

Rich




----- Original Message -----
From: Sims, Ken <KSIMS@SOUTHERNWINE.com>
To: <MIDRANGE-L@midrange.com>
Sent: Tuesday, February 29, 2000 4:14 PM
Subject: Re: FTP question


> Hi Richard -
>
> >Date: Tue, 29 Feb 2000 14:18:30 -0800
> >From: "Richard J. Serrano" <rjs@pgsas400.com>
> >Subject: Re: FTP question
> >
> >Whoa!
> >
> >Doesn't this outline, step-by-step, how to "backdoor" an AS/400
> >from a PC? Perhaps a bit more discretion and security awareness
> >should be exercised before posting something like this?
>
> Huh???????
>
> It still takes a valid user-id and password to log on to the AS/400 through
> FTP, and the appropriate object authority to the file(s) being accessed.  I
> wouldn't call that a "back door".
>
> Ken
> Southern Wine and Spirits of Nevada, Inc.
> Opinions expressed are my own and do not necessarily represent the views of
> my employer or anyone in their right mind.
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---
>

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.