Date: Mon, 8 Jun 2009 14:27:23 -0400
Reply-To: Gerhard Hellriegel <gerhard.hellriegel@T-ONLINE.DE>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: Gerhard Hellriegel <gerhard.hellriegel@T-ONLINE.DE>
Subject: Re: Protect user id and password
Very good paper, indeed!

What I don't understand fully is the "Password Paradoxon" in the appendix.
Leave a key under the doormat to open a postbox which contains the key for
the house door... I think that is not the right picture! The house door
lets you do everything inside, a program should only open one room to
fetch a certain thing there. For that it needs a key, but the way through
the house is restricted (only what the program does). The goal is
not to show the password, which opens the whole database and lets you do
everything (the problem might not be that, but all is done under a certain
user-id / pw and you can't identify the real user any more. uid/pw are
the person's identification).
So the users of a certain program which does the selection of the data CAN
get that data, but nothing else.

I once wrote a thing which accessed (SAS) data via 3 different views. Those
views had individual selection criteria and fetched the read-password
protected (selected) data. The read-password was created after the
batch-recreation of the dataset and written to a dataset without access for the
users (RACF protected). With each new pw the views were recreated with the
actual pw. Nobody knew those pw's and that's not necessary. The dataset
where the pw's are stored is only for recovery purposes, if a view is
corrupted. It's not really necessary, because the views "know" the right pw
and the access is possible.

Maybe that view technique could also be a way to access DB tables...

Gerhard

On Mon, 8 Jun 2009 13:31:45 -0400, Michael Raithel
<michaelraithel@WESTAT.COM> wrote:
>Dear SAS-L-ers,
>
>Alex S. posted the following:
>
>> -----Original Message-----
>> Hi All,
>>        I am using SAS and Teradata on unix box for my
>> reportings. I have to use my user id and password in SQL
>> passthrough. If someone (within my team) opens my code, they
>> can see my user id and password. I don't want anyone to see my
>> password.
>>
>> Is there any solution for this?
>>
>> Thanking you in advance.
>>
>Alex, in addition to Murphy's excellent suggestion, you might consider
>this SAS Global Forum 2009 paper:
>
>Secret Sequel: Keeping Your Password Away From the LOG, by Paul D Sherman
>and Art Carpenter
>
>http://support.sas.com/resources/papers/proceedings09/013-2009.pdf
>
>Not only did I enjoy Paul's presentation, I have a copy of it on my
>office table... see-right over there underneath Ed Hughes et al's
>Exploring System Performance with SAS Simulation Studio.
>
>Alex, best of luck in all of your SAS endeavors!
>
>
>I hope that this suggestion proves helpful now, and in the future!
>
>Of course, all of these opinions and insights are my own, and do not
>reflect those of my organization or my associates. All SAS code and/or
>methodologies specified in this posting are for illustrative purposes only
>and no warranty is stated or implied as to their accuracy or
>applicability. People deciding to use information in this posting do so at
>their own risk.
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>Michael A. Raithel
>"The man who wrote the book on performance"
>E-mail: MichaelRaithel@westat.com
>
>Author: Tuning SAS Applications in the MVS Environment
>
>Author: Tuning SAS Applications in the OS/390 and z/OS Environments,
>Second Edition
>
>http://www.sas.com/apps/pubscat/bookdetails.jsp?catid=1&pc=58172
>
>Author: The Complete Guide to SAS Indexes
>
>http://www.sas.com/apps/pubscat/bookdetails.jsp?catid=1&pc=60409
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>A good listener is usually thinking about something else. - Kin Hubbard
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
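
The view technique described in the reply above (rotate the read password at each batch rebuild, store it out of the users' reach, recreate the views with it embedded), sketched as an added example; it is not code from the poster or from the cited paper. All librefs, paths, table names and column names are hypothetical, and deriving the password from UUIDGEN() is an assumption.

```sas
/* Added example. Librefs, paths, table and column names are hypothetical. */
options nosymbolgen nomprint nomlogic;  /* do not echo the resolved password to the log */

libname staging '/data/staging';  /* batch input                                    */
libname prot    '/data/prot';     /* read-password-protected table                  */
libname vault   '/data/vault';    /* OS-level protection (e.g. RACF): batch ID only */
libname pub     '/data/pub';      /* views that the users query                     */

%macro rotate_and_rebuild;
  %local pw;

  /* Assumption: build the password from UUIDGEN(). SAS data set passwords are
     limited to 8 characters and must be valid SAS names, hence the leading letter. */
  data _null_;
    call symputx('pw', cats('P', substr(compress(uuidgen(), '-'), 1, 7)), 'L');
  run;

  /* Batch recreation of the table under the new read password. */
  data prot.claims(read=&pw);
    set staging.claims;
  run;

  /* Recovery copy of the password, kept where users have no access. */
  data vault.pwlog;
    length table $32 pw $8;
    table   = 'PROT.CLAIMS';
    pw      = "&pw";
    created = datetime();
    format created datetime20.;
  run;

  /* Recreate every view with the current password embedded; each view
     carries its own selection criteria and exposes only selected columns. */
  proc sql;
    create view pub.claims_north as
      select claim_id, amount from prot.claims(read=&pw) where region = 'N';
    create view pub.claims_south as
      select claim_id, amount from prot.claims(read=&pw) where region = 'S';
    create view pub.claims_open as
      select claim_id, region from prot.claims(read=&pw) where status = 'OPEN';
  quit;
%mend rotate_and_rebuild;

%rotate_and_rebuild
```

The job is meant to run under the batch ID, so the password exists only in that session's local macro variable, in vault.pwlog, and inside the view definitions.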