tnt400.com - AS/400 Tips And Techniques

Sponsored by news400.com

This page is a discussion on the mentioned topic.
Most of the answers are in their original posted form, including any technical/spelling/grammatical errors.
No guarantees are expressed or implied. :-)
Securing the AS/400's FTP server


Question:

We would like to start the FTP server on our AS/400. We have some questions about security. Our system is on V3R7. How can we prohibit a user from starting FTP on his PC, logging in with his name and password, and downloading and/or uploading all the files he would like? I did not find a possibility to use an exit pgm on the AS/400 for FTP. Am I missing something?


Answer(s):



You can use an exit program on the AS/400 for FTP security if you are on V3R2 or V3R7 or a later release of the OS. If you do not have the exit program you may need to apply PTFs for it. You can write your own FTP exit program, or several commercial products are available. We have one that you can review: http://www.patownsend.com. You are correct that any user with a PC can access the AS/400 with FTP. And if they have a user profile already they can get an FTP session, access to database files, and a command line. It is a security risk that you should look at. The AS/400 offers some object security, but this is inadequate for most AS/400 users.




Check these exit points:

QIBM_QTMF_CLIENT_REQ
QIBM_QTMF_SERVER_REQ

You can also check the manual, OS/400 TCP/IP Configuration and Reference, for more information. hth




I would change the object's authority to something like QPGMR *ALL, *PUBLIC *EXCLUDE, and don't assign the group profile (in this example QPGMR) to the user. They will not have access to any object on the AS/400. The initial program they use when starting from a green screen will need to be owned by QPGMR (or whatever group profile you choose to use). That authority will be adopted by your programs running, so there won't be any problems from an application perspective, but nobody can get access to data from FTP without explicitly giving them authority.




Check out WRKREGINF, and the exit program QIBM_QTMF_SVR_LOGON, which will allow you to reject certain users, or even map the entered user to another user (with different security).
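
As an added illustration (not code from any of the posters above), here is a request-validation exit program for the QIBM_QTMF_SERVER_REQ exit point mentioned in the answers, written against IBM's VLRQ0100 parameter format. The library FTPXFER, the program name MYLIB/FTPVAL and the policy itself are assumptions: only get/put of files inside one library is allowed, and every other request, including CL commands sent over FTP, is rejected.

```cl
/* Added example, not from the original page.                        */
/* Register (names are hypothetical):                                */
/*   ADDEXITPGM EXITPNT(QIBM_QTMF_SERVER_REQ) FORMAT(VLRQ0100) +     */
/*              PGMNBR(1) PGM(MYLIB/FTPVAL)                          */
/* Restart the FTP server afterwards so it picks up the program.     */
PGM        PARM(&APPID &OPID &USRPRF &RMTIP &RMTIPLEN +
                &OPINFO &OPINFOLEN &ALLOW)

  /* VLRQ0100 parameters; Binary(4) fields are read with %BIN        */
  DCL        VAR(&APPID)     TYPE(*CHAR) LEN(4)   /* application id  */
  DCL        VAR(&OPID)      TYPE(*CHAR) LEN(4)   /* operation id    */
  DCL        VAR(&USRPRF)    TYPE(*CHAR) LEN(10)  /* signed-on user  */
  DCL        VAR(&RMTIP)     TYPE(*CHAR) LEN(15)  /* client address  */
  DCL        VAR(&RMTIPLEN)  TYPE(*CHAR) LEN(4)
  DCL        VAR(&OPINFO)    TYPE(*CHAR) LEN(999) /* path or command */
  DCL        VAR(&OPINFOLEN) TYPE(*CHAR) LEN(4)
  DCL        VAR(&ALLOW)     TYPE(*CHAR) LEN(4)   /* output: 0 or 1  */

  DCL        VAR(&OP)        TYPE(*DEC)  LEN(5 0)
  DCL        VAR(&LEN)       TYPE(*DEC)  LEN(5 0)
  /* Assumption: the one library users may transfer to and from      */
  DCL        VAR(&PREFIX)    TYPE(*CHAR) LEN(22) +
               VALUE('/QSYS.LIB/FTPXFER.LIB/')

  /* Fail closed: any unexpected error rejects the request           */
  MONMSG     MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(DENY))

  CHGVAR     VAR(&OP)  VALUE(%BIN(&OPID))
  CHGVAR     VAR(&LEN) VALUE(%BIN(&OPINFOLEN))

  /* 0 = session initialization: let the session start               */
  IF         COND(&OP *EQ 0) THEN(GOTO CMDLBL(PERMIT))

  /* 6 = send file, 7 = receive file: only inside the prefix.        */
  /* Assumes the path arrives as an absolute, upper-case path name.  */
  IF         COND((&OP *EQ 6 *OR &OP *EQ 7) *AND (&LEN *GE 22)) +
               THEN(DO)
    IF       COND(%SST(&OPINFO 1 22) *EQ &PREFIX) +
               THEN(GOTO CMDLBL(PERMIT))
  ENDDO

  /* Everything else (create, delete, cd, list, rename, and          */
  /* 9 = execute CL command) falls through to the reject             */
DENY:
  CHGVAR     VAR(%BIN(&ALLOW)) VALUE(0)
  RETURN
PERMIT:
  CHGVAR     VAR(%BIN(&ALLOW)) VALUE(1)
ENDPGM
```

The exit program filters requests in addition to object authority, not instead of it, so the *PUBLIC *EXCLUDE approach described above still applies to the objects themselves.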





Copyright © 2000 Duke Communications International.