[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Exit points

From: "Dennis Lovelady" <iseries@xxxxxxxxxxxx>
To: "'HTTPAPI and FTPAPI Projects'" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Exit points
Date: Thu, 30 Sep 2010 05:07:27 -0400

Scott, thanks for your reply, and I quite agree with you!  This is road well
traveled between me and the other team involved.  This is the same group
that has completely disabled all CPYSRCF capability via public authority for
God knows what reason, blind to the fact that CPYF can accomplish the same
end.  I cannot use option 3 on a PDM screen to copy a source member, but I
can create a new source member and then copy the original into that.  This
is just one clear example of the knowledge base and need for control from
that group.

They want their bankey.  If it makes them comfortable and makes them feel
like they're in control, then so be it.  You are welcome to take that battle
up with that team - I'll provide phone numbers.

My goal was not to seek permission, it was to find out how to provide that
bankey.  I will have a look at the easy400 suggestion later today.

Dennis Lovelady
http://www.linkedin.com/in/dennislovelady
--
"United Nations: Where America feeds the hands that bite it."
        -- Gregory Nunn

> Quite honestly, I don't see "securing" a client program to be a means
> of
> providing security.  That goes double for one that's open source, where
> the user can go in and change the way it calls the exit point!
> 
> 1) What's to stop the user from downloading/installing another FTP
> client program?  (None of the ones in PASE understand exit points!)
> 
> 2) On your Windows or Linux box (where FTP software is easy to come by)
> would you rely on an exit point if such a thing existed?   When the
> user
> can easily download and install another program?  Wouldn't you think
> the
> whole idea of an exit point is kinda silly?
> 
> 3) Unlike the IBM client, FTPAPI is designed for use only from a
> computer program.  i.e., a user will never use it directly, and it's
> operation will always be automated by a programmer's RPG program.
> Given
> that, isn't the security supposed to be provided by the program that
> calls FTPAPI?  Rather than FTPAPI itself?
> 
> 4) If you add exit point support to FTPAPI, what's to stop a programmer
> from writing their own FTP client and bypassing the exit points that
> way?
> 
> I guess, to me, there's a pretty big difference between a tool designed
> for the user to use, and a tool designed only as an API to be called
> from programs.
> 
> Having said all of that...  if you really want to integrate it with the
> IBM exit point system, feel free to write the code and contribute it
> back to the project.
> 
> 
> On 9/29/2010 6:56 PM, Dennis Lovelady wrote:
> >
> >     Hi, folks, this is my first post here.
> >
> >
> > As a preface, I have searched the archives for "exit program" and for
> QIBM_QTMF
> > _CLIENT_REQ and for PowerLock with not much result.
> >
> > There was a question from someone in 2004 asking why settings in
> PowerLock have
> >   no apparent effect on FTPAPI.  Apparently the poster didn't know
> how PowerLock
> >   works (or how it doesn't, in this case).  Answer: PowerLock control
> is install
> > ed at the QIBM_QTMF_CLIENT_REQ exit point.
> >
> > Until I started working with FTPAPI very recently, I had assumed that
> IBM someh
> > ow tied that exit point to the FTP ports. (Naive, now I think about
> it.)  Appar
> > ently instead, the FTP client program itself makes the necessary
> hooks.
> >
> > I mentioned on another list that our auditors wouldn't allow this
> program on on
> > e of the main systems I work with since it seems to lack the kind of
> control th
> > at they want (for example, some users can GET, some can PUT or GET,
> and some ca
> > n only do DIR operations).  (This is all managed by PowerLock
> controls at this
> > point.)
> >
> > So my question is, Have any on this list made an attempt to fit the
> IBM exit po
> > ints with FTPAPI? (I have no clue how that would be done, nor if it
> even *can*
> > be done in a supported manner.)  I'd love to use this decidedly
> better solution
> >   but am stymied except on my development machines.
> >
> > I appreciate your responses.
> >
> >
> >     Dennis E. Lovelady
> >     AIM/Skype: delovelady      MSN: fastcounter@xxxxxxxxxxxx
> >     [1]www.linkedin.com/in/dennislovelady --
> >     "Since I moved to suburbia I found out the purpose of those
> railroad
> >     timetables.  Without them there would be no way of knowing how
> late
> >     your train is."
> >            -- Gregory Nunn
> >
> > References
> >
> >     1. http://www.linkedin.com/in/dennislovelady
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> --
> > This is the FTPAPI mailing list.  To unsubscribe, please go to:
> > http://www.scottklement.com/mailman/listinfo/ftpapi
> > ---------------------------------------------------------------------
> --
> 
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- RE: Exit points
  - From: Mike Krebs
- Re: Exit points
  - From: Scott Klement

References:
- Exit points
  - From: Dennis Lovelady
- Re: Exit points
  - From: Scott Klement

Prev by Date: Re: RE: Exit points
Next by Date: RE: Exit points
Previous by thread: Re: Exit points
Next by thread: RE: Exit points
Index(es):
- Date
- Thread