When sending a file using FTP on MVS the userid and password may be exposed if you have the userid and password specified in the INPUT DD.
this is a JCL example:
//FTP EXEC PGM=FTP,PARM='(EXIT=08'
//SYSPRINT DD SYSOUT=*
//FTPTEMP DD DSN=PUBLIC.????.????,
// DISP=(NEW,CATLG,DELETE),
// DCB=(LRECL=80,BLKSIZE=0,RECFM=FB),
// STORCLAS=WORK,MGMTCLAS=WORK,
// SPACE=(TRK,(2,2),RLSE)
//OUTPUT DD SYSOUT=*
//INPUT DD *
supportftp.ca.com
Your.Support.Portal.login
mypassword
pwd
bin
dir
GET /???????/????????/files_from_ca/???????.BIN //DD:FTPTEMP
quit
/*
This exposure happens in one of 2 ways.
1)When you're editing the JCL(someone looking over your shoulder or you are doing a presentation).
2)Someone can see your userid/password or after you job completes and they use the SDSF command SJ. SJ will show the other person the JCL you submitted.
z/os
The userid and password are in a instream parm file that has no security.
Use the NETRC DD to store you userid/password. Make sure you use a dataset name that is only accessible to you.
This is a sample of the JCL:
//FTPFILE EXEC PGM=FTP,COND=(0,NE),
// PARM='supportftp.ca.com (EXIT=08'
//*
//*
//* This sample shows how to use FTP with the NETRC DD.
//* In this example we are sending a PTF to a issue's FTP path.
//*
//*
//* Check/Change:
//* 1) NetRC for new password
//* 2) DD FTPIN for input file to be sent
//*
//*
//SYSPRINT DD SYSOUT=*
//*SYSTCPD DD DISP=SHR,DSN=VTAM.TCPIP.TCPIP.DATA
//OUTPUT DD SYSOUT=*
//FTPIN DD DISP=SHR,DSN=my.input.file
//NETRC DD DISP=SHR,DSN=userid.CNTL(NETRC)
//INPUT DD *
//INPUT DD *
cd /???????/????????/files_from_broadcom
pwd
bin
sendsite
PUT //DD:FTPIN OUT.bin
quit
/*
//
//* this is what is in NETRC userid.cntl(NETRC)
//* put this information in a file that only you have access to.
//* firstname.lastname is your Userid and mypassword is your password
MACHINE supportftp.broadcom.com
LOGIN [email protected] PASSWORD mypassword