Your points are all valid but in this case the OP has a specific problem of auditing his production jobs. My guess is that his production does not know how to spell curl.
Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin
Sent: Wednesday, August 19, 2015 8:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AW: Q: FTP Exits

On Wed, 19 Aug 2015 10:50:46 -0400, Steve Thompson wrote:
>
>And "interesting things" primarily requires writing a module with the
>name (or Alias) of FTP, doing a validation of the PARM data and/or the
>contents of the INPUT dd, and then invoking FTP via an IBM provided
>alias, etc.
>
And what prevents a user's invoking FTP directly via that "IBM provided alias" in order to bypass validation? Security by obscurity?

Does the scheme work alike for FTP invoked:
o As a batch job step?
o As a TSO command?
o As a UNIX shell command?

Do browsers and Curl participate in this scheme or do they have internal FTP interfaces which would likewise need to be modified?