May 24th, 2004, 07:44 PM
Shared front-end Web site and back-end Mainframe environment
If a service provider wants to do this for their clients by utilyzing anonymous FTP, what are the exposures/risks with sharing both the front-end Web site and the back-end Mainframe environment.
May 24th, 2004, 07:48 PM
I'm afraid you didnt post enough info to draw a proper conclusion.
Can you please re-post with more detail? The original is very vague.
May 24th, 2004, 07:50 PM
I don't think you want to allow anonymous ftp to a site with backend scripting, if that's what you mean. Any flaws in server side code can be viewed and exploited, I think that is what you are asking...?
May 24th, 2004, 08:36 PM
I am a newbie and am applying for a security analyst position where I currently work. I had an interview/discovery session on Friday and I was given a mock business case with the opportunity to address security concerns. I wasn't sure if this was an exposure but it was suggested I go to AO and see if anyone had any comments/thoughts on the issue.
It just didn't sound right that if we (the Bank) uses anonymous FTP to transmit data to the vendor and from the vendor back to us and if the front-end web server (of the vendor) and the back-end mainframe environment (of the vendor) was shared it just didn't sound right....
Especially when this occurs for the vendor's multiple clients, etc.