× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



STill may not be being transferred as G092KMB....

Even if she logs into the 5250 signon screen as G092KMB, the file transfer
is completely separate. There's no functionality in the 5250 protocol for
file transfers. The emulation client you're using just makes life easier
by providing a button in the app to start the transfer.

Actually, when dealing with 5250 emulation, there's a TCP/IP level
connection started using one set of credentials before you even see the
5250 signon screen. Usually, the same credentials are used. But they
don't have to be. IBM's emulation product provides an option to "by-pass
signon" and the TCP/IP credentials are used automatically to start the 5250
session. That's actually more secure as by default the TCP/IP credentials
are encrypted but the 5250 credentials passed on the green signon screen
are not. (Remember the 5250 protocol is rooted in "dumb" hardwired
terminals)

That TCP/IP level set of credentials may be her windows username/password;
especially if she doesn't see any GUI credential prompts. Though it's also
possible that the emulator is using a saved username / password.


On Tue, Sep 30, 2014 at 10:39 AM, Alex Mavrogeorge Sr <
amavrogeorge@xxxxxxxxxx> wrote:

By the way... based on connecting to her machine via teamviewer and
watching how she logs in, and from the main screen AS G092KMB she is
uploading the particular file.. there is nothing that leads me to believe
the system is picking up any other "user" trying to access that library
list file.

Weird at best

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Charles Wilt
Sent: Tuesday, September 30, 2014 10:28 AM
To: Midrange Systems Technical Discussion
Subject: Public authority (was Re: upload file error)

On Tue, Sep 30, 2014 at 10:04 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:


I don't want to sound like a jerk but I come by it naturally :-)
*PUBLIC is everybody in the universe, not just the 3 users in that
portion of the company. If I had your machine's IP address, I could
almost certainly read and modify the contents of that file from here.
--buck


​Not quite...let's not panic the guy Buck!...

*PUBLIC is every user profile on the machine that doesn't have explicit
private authorities. So anybody with credentials on the machine can modify
that file now.

So it'd take Buck more than just knowing the IP of the machine, even
assuming it's not behind a firewall. He'd have to know or be able to guess
a valid user profile/ password combination.

​Hopefully ​you don't have any default passwords, where the password = user
ID. You can check by doing, GO SECTOOLS and selecting option 1 = Analyze
default passwords.

Then there are anonymous services, such as FTP or the Netserver "Guest"
account. Anonymous FTP isn't allowed by default, you have to have create
or buy an FTP exit point program to enabled it.

http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaiq/rzaiqftpanon.htm

You can check for exit programs via
WRKREGINF EXITPNT(QIBM_QTMF_SVR_LOGON)

Look at the line
Current number of exit programs . . . : 0

The "Guest" netserver account is basically a generic account used by the
IBM SMB (windows) file server. It's used when a windows users tries to
access a IBM i Netserver file share and there isn't a matching IBM i user
ID. Again, it is not enabled by default. You'd need to use the IBM
i Navigator GUI to see if it is enabled.

http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahl/rzahlguestprofs.htm

Charles
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.