Date: Mon, 13 Sep 2010 15:20:12 -0700
Reply-To: "Sprague, Webb (OFM)" <Webb.Sprague@OFM.WA.GOV>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: "Sprague, Webb (OFM)" <Webb.Sprague@OFM.WA.GOV>
Subject: Re: FW: [SAS-L] Detect if code has been changed in interactive mode
In-Reply-To: A<AANLkTin_aKk7Z6vzJwt7QtEne+1BGiHwAPFRYOF410gW@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
I am not sure if it would help, but often I have seen a source code file
(say "source.sas") shipped with an MD5 hash signature in a separate
file. (http://en.wikipedia.org/wiki/MD5). If the source code doesn't
match the signature you know it is altered, though you are unable to
determine how exactly.
> -----Original Message-----
> From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of
> Magnus Mengelbier
> Sent: Monday, September 13, 2010 2:22 PM
> To: SAS-L@LISTSERV.UGA.EDU
> Subject: Re: FW: [SAS-L] Detect if code has been changed in interactive mode
>
> Hello Ya
>
> I have been through this discussion more than a few times. The most
> conservative solution is to only allow "official" outputs, e.g. Draft
> for review or Final, to be run in batch, which can be determined a few
> different ways.
>
> Experience from SAS Drug Development up until version 3.4, it is
> possible to determine if the submitted code is partial or full program.
> It is also possible to determine if the code has been modified prior to
> execution. The approach relies on how SDD functions in the background
> in setting up executions and is easy to implement.
>
> As far as I am aware, there is no sure method in other SAS applications
> that I have experienced to avoid someone running code from a parallel
> editor, changed code in the program, etc. I suppose it is possible to
> create "a macro" that does a simple check but this can be circumvented
> unless you control the entire outputs mechanism (read ODS statement or
> similar).
>
> I know of a few groups that use/used a "publish" macro that moved
> generated output to a "secure" location and thus used that as a gate
> for ensuring that the output was generated by the governed process and
> not hacked together by partial code submits.
>
> Hope this helps
>
>
> Magnus
>
> --
> _______________________________________________________________________
> Magnus Mengelbier (mmr@limelogic.com)
> Limelogic Ltd
> www.limelogic.com
>
> On 13 September 2010 23:07, Huang, Ya <Ya.Huang@amylin.com> wrote:
>
> > Hi Richard,
> >
> > Actually, what I'm concerned is that unless a SAS code is run in
> > batch, there seems no way to prevent people from running a modified
> > SAS code and generate certain report, then claim the report is
> > generated by the official version of the SAS code.
> >
> > Think about this, a validated SAS program is opened up in DM, the
> > program name can be obtained from dictionary.extfiles and used in
> > footnote to show the report is generated by this program. But
> > actually the code is modified before running, which means that the
> > actual code that generated the report is not the original version.
> > One can run this way and not save the modified code, yet show the
> > report is generated by the code.
> >
> > If there is a way to detect the change status, we can probably put
> > something in the footnote to warn people, this report may not be from
> > the official source code version.
> >
> > Ya
> >
> >
> > -----Original Message-----
> > From: Richard DeVenezia [mailto:rdevenezia@gmail.com]
> > Sent: Monday, September 13, 2010 12:28 PM
> > To: Huang, Ya
> > Subject: Re: [SAS-L] Detect if code has been changed in interactive mode
> >
> > On Mon, Sep 13, 2010 at 12:53 PM, Ya Huang <ya.huang@amylin.com> wrote:
> > > Hi there,
> > >
> > > PC SAS, DM mode, is there a way we can detect the change status,
> > > before the code is saved? For example, we open up a piece of source
> > > code, change a few lines of it on enhanced editor, then submit for
> > > running.
> > >
> > > Even more tricky part is to detect if the code submitted is the
> > > whole code or just some of the lines that are highlighted? (the
> > > code is not changed)
> >
> > Ya:
> >
> > If you are worried about trashing good code with bad via an overwrite
> > (been there, done that), consider an operating system solution. Look
> > for automatic versioning, also sometimes called journaling or
> > generations.
> >
> > One quick out is to tag those important source codes as read-only.
> >
> > Richard A. DeVenezia
> > http://www.devenezia.com
> >
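
Added example, not part of the original thread or any poster's code: one way to apply the separate-hash-file check from the top message and turn the result into the kind of footnote warning asked for in the quoted message. It is written in Python and swaps SHA-256 in for MD5, since MD5 is no longer collision-resistant. Assumptions: a sidecar file in `sha256sum` layout, hypothetical file names, function names and footnote wording, and a check of the program as saved on disk, not of text edited in the editor before submission.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHM = "sha256"  # assumption: SHA-256 swapped in for the MD5 named in the thread

def file_digest(path, algorithm=ALGORITHM):
    """Hash the file in chunks so large programs need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def expected_digest(sidecar, algorithm=ALGORITHM):
    """Read 'digest  filename' (sha256sum layout); None if absent or malformed."""
    try:
        fields = Path(sidecar).read_text(encoding="ascii").split()
    except (OSError, UnicodeDecodeError):
        return None
    token = fields[0].lower() if fields else ""
    hex_len = hashlib.new(algorithm).digest_size * 2
    ok = len(token) == hex_len and all(c in "0123456789abcdef" for c in token)
    return token if ok else None

def footnote_for(program, sidecar):
    """Return (verified, footnote text) for stamping on a report."""
    name = Path(program).name
    expected = expected_digest(sidecar)
    if expected is None:
        return False, f"UNVERIFIED: no usable digest on file for {name}"
    actual = file_digest(program)
    if actual != expected:
        return False, f"WARNING: {name} differs from the released version"
    return True, f"{name} verified, {ALGORITHM} {actual[:12]}"

def demo():
    """Constructed sample: release a program, verify it, edit it, verify again."""
    with tempfile.TemporaryDirectory() as d:
        program, sidecar = Path(d, "source.sas"), Path(d, "source.sas.sha256")
        program.write_bytes(b"proc print data=sashelp.class; run;\n")
        sidecar.write_text(f"{file_digest(program)}  source.sas\n", encoding="ascii")
        before = footnote_for(program, sidecar)
        program.write_bytes(b"proc print data=sashelp.class(obs=5); run;\n")
        after = footnote_for(program, sidecar)
        missing = footnote_for(program, Path(d, "absent.sha256"))
    return before, after, missing

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The digest only helps if the sidecar file is kept where the person running the program cannot rewrite it, for example the read-only or versioned location suggested elsewhere in the thread.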