On Wed, 11 Jul 2007 15:00:04 -0500, McKown, John <[EMAIL PROTECTED]> wrote:
>I'm working on a program, in Java, as a learning process. One feature >that it will have is the ability to do ftp transfers. One of the >parameters that is set is whether the ftp target is z/OS (targetting >either legacy datasets or UNIX files), UNIX-like, or Windows-like. If >the ftp target is z/OS, should I bother doing some >validation/preprocessing of the userid and password? In particular, >should I upcase the userid and check it for validity? The same for the >password? I'm thinking "no" for the password due to the recent updating >of RACF to accept lower case passwords as well as very long password >phrases (or whatever they're calling them now). > >But the userid remains a question. Should I "help" the user by double >checking for possible bad userids (too long, bad characters), assuming >that the userid criteria in RACF is unlikely to ever change? Or should I >just pass along whatever the user types in without any validation so >that the program does not need to worry about any possible future RACF >enhancements? > No. As you have noted, it stifles innovation. Possible misunderstanding by the implementor of the rules leads to undue restrictions. By a crude experiment, on some hosts I can't do "quote SYST" to determine the remote system type until after a successful login. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
