LISTSERV at the University of Georgia
Date:         Fri, 14 Nov 2003 18:22:23 -0500
Reply-To:     Dwight Buffum <Dwight.Buffum@TARGET.COM>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         Dwight Buffum <Dwight.Buffum@TARGET.COM>
Subject:      Securing passwords in SAS code

We are running SAS V8.2 and SPD Server V3.0 on Solaris. Our table-driven autoexec.sas startup routine assigns all of a user's normal SPDS librefs, which require SPDS passwords. Some of the passwords are for read-write SPDS IDs and should be concealed. The SAS log shows the LIBNAME statements with X's replacing the passwords. The problem is how to let a user's Solaris ID run our autoexec.sas routine without any of the following occurring:

1. reveal a password in the SAS log (ECHOAUTO, SOURCE2, SYMBOLGEN, MPRINT).
2. user browse or read passwords used as input to autoexec.sas routine.

We think we can minimize the risk of revealing a password in the SAS log by having a subroutine of the autoexec.sas routine generate Solaris environment variables which appear in the generated LIBNAME statements like:

    LIBNAME lib_spds SASSPDS 'domain' PASSWD="%SYSGET(PW_SPDS_RW)" ...;

We request assistance in solving the remaining problem of securely generating the environment variables for the passwords under the control of the autoexec.sas routine being run by any user. We would also appreciate any additional insights and guidelines on this subject.

Regards,

Dwight Buffum
MindTools, Inc.
SAS Alliance Partner
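
Added example, not part of the original post: a sketch of how the %SYSGET approach described in the message can be wrapped so that the log options it names are switched off around the generated LIBNAME statement and restored afterwards. The macro name assign_spds and its parameters (libref, domain, pwvar, opts) are hypothetical; it assumes the environment variable is already set and that the password contains no & or % characters.

```sas
/* Hypothetical macro (added illustration). PW_SPDS_RW, lib_spds and       */
/* 'domain' are taken from the post; the remaining LIBNAME options the     */
/* post elides are passed through unchanged in OPTS=.                      */
%macro assign_spds(libref=, domain=, pwvar=, opts=);
  %local o_source o_source2 o_symbolgen o_mprint o_mlogic;

  /* Save the caller's settings; GETOPTION returns e.g. SOURCE or NOSOURCE */
  %let o_source    = %sysfunc(getoption(SOURCE));
  %let o_source2   = %sysfunc(getoption(SOURCE2));
  %let o_symbolgen = %sysfunc(getoption(SYMBOLGEN));
  %let o_mprint    = %sysfunc(getoption(MPRINT));
  %let o_mlogic    = %sysfunc(getoption(MLOGIC));

  /* Stop source echo and macro tracing before the password is resolved.   */
  /* ECHOAUTO is a startup option, so it has to be turned off at SAS       */
  /* invocation or in the configuration file, not here.                    */
  options nosource nosource2 nosymbolgen nomprint nomlogic;

  /* The password is never stored in a macro variable: it is read from the */
  /* environment at the point of use, so SYMBOLGEN has nothing to report.  */
  %if %length(%sysget(&pwvar)) = 0 %then
    %put ERROR: &pwvar is empty or not set, so &libref was not assigned.;
  %else %do;
    libname &libref sasspds "&domain" passwd="%sysget(&pwvar)" &opts;
  %end;

  /* Put the caller's log settings back */
  options &o_source &o_source2 &o_symbolgen &o_mprint &o_mlogic;
%mend assign_spds;

/* Constructed call using the names that appear in the post */
%assign_spds(libref=lib_spds, domain=domain, pwvar=PW_SPDS_RW, opts=);
```

This covers only the log-exposure half of the question; how the environment variable gets its value without the user being able to read it is left open, as in the post.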

