LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (June 2008, week 4)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Sun, 22 Jun 2008 00:37:09 -0700
Reply-To:     RolandRB <rolandberry@HOTMAIL.COM>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         RolandRB <rolandberry@HOTMAIL.COM>
Organization: http://groups.google.com
Subject:      all your sas macros can be hacked
Comments: To: sas-l@uga.edu
Content-Type: text/plain; charset=ISO-8859-1


You would be surprised to see how easy it is to hack your sas macros.
There are macros called "old-style macros" that have been part of the
sas language for a long time that can be used to substitute code. And
you can use views to insert malicious code inside your production
macros. If your macros are doing something important like dealing with
money or doing regulatory work then you had better make sure your
macros can not be hacked. I explain how hacking can be done using old-
style macros and using views on the following page. I explain how you
can guard against it. I have just updated the page to show an anti-
hack attempt that will not work. It explains why.


http://www.datasavantconsulting.com/roland/hacking.html


If anyone wants me to do work on their production macros to hopefully
eliminate all attempts at hacking then I am available from the start
of August 2008.
Back to: Top of message | Previous page | Main SAS-L page
listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu