Encoding the Password



Similar documents
Encryption in SAS 9.2

SAS Data Set Encryption Options

Technical Paper. Defining an ODBC Library in SAS 9.2 Management Console Using Microsoft Windows NT Authentication

An Introduction to SAS/SHARE, By Example

Automation of Large SAS Processes with and Text Message Notification Seva Kumar, JPMorgan Chase, Seattle, WA

Defining an OLEDB Library in SAS Management Console Using Windows Authentication

You have got SASMAIL!

ODBC Chapter,First Edition

Encryption in SAS 9.4 Fifth Edition

Analyzing the Server Log

Communications Access Methods for SAS/CONNECT 9.3 and SAS/SHARE 9.3 Second Edition

White Paper BMC Remedy Action Request System Security

Define an Oracle Library in SAS Management Console

Backup/Restore Microsoft SQL Server 7.0 / 2000 / 2005 / 2008

9.1 SAS. SQL Query Window. User s Guide

SAS 9.4 PC Files Server

Data Protection on Progress Databases and Progress 4GL Environment

Encryption Services. What Are Encryption Services? Terminology. System and Software Requirements APPENDIX 5

An macro: Exploring metadata EG and user credentials in Linux to automate notifications Jason Baucom, Ateb Inc.

Comparing the Effectiveness of Penetration Testing and Static Code Analysis

LISTSERV LDAP Documentation

Overview. NT Event Log. CHAPTER 8 Enhancements for SAS Users under Windows NT

Be a More Productive Cross-Platform SAS Programmer Using Enterprise Guide

Encryption in SAS 9.3 Second Edition

SAS 9.3 Drivers for ODBC

CHAPTER 1 Overview of SAS/ACCESS Interface to Relational Databases

PharmaSUG Paper QT26

SQL Pass-Through and the ODBC Interface

SAS/ACCESS 9.3 Interface to PC Files

Accessing a Microsoft SQL Server Database from SAS on Microsoft Windows

Counting the Ways to Count in SAS. Imelda C. Go, South Carolina Department of Education, Columbia, SC

DOCUMENTATION MICROSOFT SQL BACKUP & RESTORE OPERATIONS

Thierry ZOLLER Principal Security Consultant

1 of 10 1/31/2014 4:08 PM

Configuring and Monitoring Citrix Access Gateway-Linux Servers. eg Enterprise v5.6

9.1 SAS/ACCESS. Interface to SAP BW. User s Guide

Automated distribution of SAS results Jacques Pagé, Les Services Conseils HARDY, Quebec, Qc

Labels, Labels, and More Labels Stephanie R. Thompson, Rochester Institute of Technology, Rochester, NY

Accessing a Remote SAS Data Library. Transcript

Access to Relational Databases Using SAS. Frederick Pratter, Destiny Corp.

Using SAS/IntrNet as a Web-Enabled Platform for Clinical Reporting

SAS 9.2 Drivers for ODBC: User's Guide Second Edition

Search and Replace in SAS Data Sets thru GUI

Configuring an Alternative Database for SAS Web Infrastructure Platform Services

Connect to MySQL or Microsoft SQL Server using R

SUGI 29 Coders' Corner

DigiVault Online Backup Manager. Microsoft SQL Server Backup/Restore Guide

Effective Use of SQL in SAS Programming

SAS 9.3 Intelligence Platform

Configuring and Monitoring Citrix Branch Repeater

SAS Client-Server Development: Through Thick and Thin and Version 8

Technical Paper. Migrating a SAS Deployment to Microsoft Windows x64

SAS/IntrNet 9.4: Application Dispatcher

9.1 Supplement for SAS/ACCESS. Microsoft SQL Server. SAS/ACCESS for Relational Databases

Instant Interactive SAS Log Window Analyzer

Leveraging the SAS Open Metadata Architecture Ray Helm & Yolanda Howard, University of Kansas, Lawrence, KS

Paper An Introduction to SAS PROC SQL Timothy J Harrington, Venturi Partners Consulting, Waukegan, Illinois

Using SAS With a SQL Server Database. M. Rita Thissen, Yan Chen Tang, Elizabeth Heath RTI International, RTP, NC

Define ODBC Database Library using Management Console

Paper FF-014. Tips for Moving to SAS Enterprise Guide on Unix Patricia Hettinger, Consultant, Oak Brook, IL

FileMaker 14. ODBC and JDBC Guide

SAS PROGRAM EFFICIENCY FOR BEGINNERS. Bruce Gilsen, Federal Reserve Board

SAS Enterprise Guide A Quick Overview of Developing, Creating, and Successfully Delivering a Simple Project

UNIX Operating Environment

EXTRACTING DATA FROM PDF FILES

Producing Structured Clinical Trial Reports Using SAS: A Company Solution

Communications Access Methods for SAS/CONNECT 9.4 and SAS/SHARE 9.4 Second Edition

Improving Your Relationship with SAS Enterprise Guide

Using the SQL TAS v4

SAS Scalable Performance Data Server 5.1

Advanced Tornado TWENTYONE Advanced Tornado Accessing MySQL from Python LAB

Release Notes For Versant/ODBC On Windows. Release

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

A Recursive SAS Macro to Automate Importing Multiple Excel Worksheets into SAS Data Sets

Importing Excel Files Into SAS Using DDE Curtis A. Smith, Defense Contract Audit Agency, La Mirada, CA

SAS Visual Analytics 7.1 for SAS Cloud. Quick-Start Guide

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

ODBC Client Driver Help Kepware, Inc.

ABSTRACT THE ISSUE AT HAND THE RECIPE FOR BUILDING THE SYSTEM THE TEAM REQUIREMENTS. Paper DM

More Tales from the Help Desk: Solutions for Simple SAS Mistakes Bruce Gilsen, Federal Reserve Board

Configuring and Monitoring Hitachi SAN Servers

Tales from the Help Desk 3: More Solutions for Simple SAS Mistakes Bruce Gilsen, Federal Reserve Board

Linking Access to SQL Server

Managing very large EXCEL files using the XLS engine John H. Adams, Boehringer Ingelheim Pharmaceutical, Inc., Ridgefield, CT

AS DNB banka. DNB Link specification (B2B functional description)

CDW DATA QUALITY INITIATIVE

Managing Tables in Microsoft SQL Server using SAS

Chapter 23. Database Security. Security Issues. Database Security

ADO and SQL Server Security

SQL Server Automated Administration

SAS 9.4 Intelligence Platform

Using Macros to Automate SAS Processing Kari Richardson, SAS Institute, Cary, NC Eric Rossland, SAS Institute, Dallas, TX

Transcription:

SESUG 2012 Paper CT-28 Encoding the Password A low maintenance way to secure your data access Leanne Tang, National Agriculture Statistics Services USDA, Washington DC ABSTRACT When users access data in a remote database through the SAS application, the valid database user ID and password are required. One method for granting user access is to create a login ID for each user in each database. Doing so requires the maintenance of the login ID for each user on each remote database and is subject to the risk of exposing the user in the SAS programs. This paper is going to present a simple solution to overcome the security concerns by using the Application Login ID for accessing databases. Then we encode the Application Password by using the PROC PWENCODE procedure. By implementing the Application Login ID on the database and encoding the Application Password in the SAS program we can eliminate the maintenance of individual user login accounts on the databases and disguise the from to be revealed as clear text in the SAS programs. INTRODUCTION In our organization, most data are stored in the remote relational database. Users need to access the database to query data for analysis in the SAS applications. The database we need to access is an analytical database with only select access granted to the users. The database stores data from different organizational units and for different projects. In order to allow users accessing their data from the SAS application in a simple and secure way, the following four steps are carried out: 1. Create an Application Login ID and Password in the database for the SAS application. 2. Run the PROC PWENCODE procedure to encode the password and save the encoded password in a file. 3. Every time users invoke the SAS application, the encoded password is retrieved for connecting to the remote database. 4. Based on the user s organizational unit, a set of data is queried for analysis. This paper will focus on the PROC PWENCODE procedure and its options. PROC PWENCODE SYNTAX AND EXAMPLES The PWENCODE procedure enables you to encode. Encoded can be used in place of plain text in SAS programs that access remote databases and various other servers. Here is the syntax for PROC PWENCODE from the SAS OnlineDoc: PROC PWENCODE IN = 'password' <OUT=fileref> <METHOD=encodingmethod>; There are two options and 3 different parameters available for the procedure. The <OUT=fileref> is used to specify a file reference for the encoded password. To capture the encoded password in an external file use the <OUT=fileref> option. Otherwise, the encoded password will be output to the SAS log. There are three encoding methods for PROC PWENCODE listed in the table 1 below. The {sas001} and {sas002} are available with base SAS but {sas003} requires a separate license. If the method option is omitted, the default encoding method, {sas002}, is used automatically. Table 1. The Three Encoding Methods for PROC PWENCODE from SAS Online Doc: 1

Encoding Method sas001 Sas002 (or sasenc) sas003 Description Uses base64 to encode Uses a 32-bit key to encode Uses a 256-bit key to encode Supported Data Encryption Algorithm None default SAS Proprietary, which is included in SAS software. AES (Advanced Encryption Standard), which is supported in SAS/SECURE The following three examples are going to demonstrate the use of PROC PWENCODE and the options. Example One, the Core Program: In this first example, we are encoding the password, mypassword, using PROC PWENCODE with no options specified. PROC PWENCODE IN='myPassword'; After executing the program, a long string of the encoded password is output to the SAS Log. Notice at the beginning of the string, {sas002}, this is a tag automatically attached to the string of the encoded password. The tag is used for SAS Server to recognize the encoded string and to identify the decoding method for interpreting the string. Since we did not define the method in the example, the default method, {sas002} is automatically applied. Output 1. The SAS Log for Example One: {sas002}68b27956211d2db651e029c001e3d23059c7d7c8 real time 0.00 seconds cpu time 0.00 seconds Example Two, the Option for Saving the Encoded Password: The encoded password can be saved to a file by specifying a file reference using the <OUT=> option. The saved encoded password can then be retrieved and used in other SAS programs. FILENAME PwdFile "O:\EES\SAS User Groups\encodedPwd.txt" ; PROC PWENCODE IN='myPassword' OUT= PwdFile ; Since we directed the output to a file in this example no encoded password is output to the SAS Log. Output 2. The SAS Log for Example Two: 2

1 FILENAME PwdFile "O:\EES\SAS User Groups\encodedPwd.txt" ; 2 3 PROC PWENCODE IN=XXXXXXXXXXXX out= PwdFile ; 4 real time 0.01 seconds cpu time 0.00 seconds The figure 1 below displays the saved encoded password in a text file. Same as in example one, the encoded password in the output file started with a default tag, {sas002}, because we did not specify the encoding method and default method, {sas002}, was applied. Figure 1. The File with the Saved Encoded Password: Example Three, Specifying the Encoding Method: As discussed before, there are three methods to encode a password, {sas001}, {sas002}, and {sas003}. When a specific method is defined in the PROC PWENCODE procedure the correlated tag is attached at the beginning of the encoded string. In this example, we are using the encoding method {sas001}. So the {sas001} tag is attached at the beginning of the string. Also notice, the encoded string in the SAS log is different from the previous examples. Even though we are encoding the same password but the encoding method we applied here is different. PROC PWENCODE IN='myPassword' METHOD=sas001; Output 3. The SAS Log for Example Three: {sas001}bxlqyxnzd29yza== real time 0.03 seconds cpu time 0.03 seconds USING THE ENCODED PASSWORD IN SAS PROGRAMS After the are encoded by using the PROC PWENCODE procedure the encoded can be used in SAS programs to replace the clear text. Example Four, Using the Encoded Password in LIBNAME Statement: In this example, we are using the encoded password to assign SAS library reference to a remote database using ODBC data source. LIBNAME mylib ODBC USER=myAppID PW="{sas002}526FE20D05B4D88F023236E42C9D0E4520E1ECF1" 3

DSN=myDatabase CONNECTION=UNIQUE ; Output 4. The SAS Log for LIBNAME Statement: 1 LIBNAME mylib ODBC 2 user=myappid 3 pw=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 4 dsn=mydatabase CONNECTION=UNIQUE ; NOTE: Libref mylib was successfully assigned as follows: Engine: ODBC Physical Name: mydatabase 5 Example Five, Using the Encoded Password in Proc SQL: The following example displays the DATA step used to read in the encoded password from a file. The encoded password is then assigned to a macro variable. The macro variable can then be used in SAS programs throughout the application. FILENAME pwfile "O:\EES\SAS User Groups\encodedPwd.txt" ; DATA _NULL_; INFILE pwfile OBS=1 LENGTH=a; INPUT @1 mypw $varying1024. l; CALL SYMPUT('myPW', SUBSTR(myPW,1,a)); RUN; This procedure displays how to use the encoded password in the SQL pass through facility. The password is assigned to the mypw macro variable. After connecting to the remote database through the ODBC data source, data are queried from the mydbtable table. PROC SQL NOPRINT ; CONNECT TO ODBC(USER=myAppID PW= &mypw DSN=myDatabase ); CREATE TABLE mytable AS SELECT * FROM CONNECT to ODBC (SELECT * FROM mydbtable); QUIT ; ENCODING VS. ENCRYPTION Encoding is a process of converting one set of meaningful characters into another set. By converting into a different set the characters become unreadable and the meanings of the characters are disguised from the public. Encryption is a method to transform data from plain text to cipher text through the use of a mathematical algorithmic scheme. Any plain text through encryption process becomes cipher text and is illegible to anyone without a special key. Though both processes involve converting data from one format to another, encoding process is designed for disguising the data to be revealed casually. Encoding and decoding processes do not require a special key. On the other hand, encryption method is used to protect data from to be revealed to anyone other than the intended recipient. In order to read the encrypted text both the encryption key and the mathematical algorithm are required. Encoding is intended to disguise data from to be revealed in public. For our purpose, it works well to prevent casual, non-malicious viewing of password in the SAS programs. Because of the special key and mathematical algorithm involved encryption is generally more difficult to break. It is designed for maintaining data confidentiality. Encoding and encryption are developed for different purposes. One should not replace another. 4

CONCLUSION The Application Login ID and password eliminate the maintenance of individual user login accounts on the database. The PROC PWENCODE procedure enables the password to be encoded and saved in a secure location. By combining the two steps we reduce the maintenance workload and steer clear the password from revealing in the SAS programs. Additionally, since individual users don t have the database login account, users are no longer able to access database through other database query tools. The SAS application becomes the solo point of access to the remote database and allows better oversight for the control of accessing data. This is an additional bonus added to our database access security measures. Even though the PROC PWENCODE procedure is intended for encoding, technically it can be used to encode any strings up to 512 characters in length. The SAS programs in this paper are tested using SAS 9.2. REFERENCES Encryption in SAS 9.2 by SAS Institute. Available at http://support.sas.com/documentation/cdl/en/secref/62092/pdf/default/secref.pdf SAS Online Docs, SAS Institute, Cary, NC ACKNOWLEDGMENTS Many thanks to Huong Luong for providing the Application Login ID and the endless support on the database. CONTACT INFORMATION Your comments and questions are valued and encouraged. Contact the author at: Leanne Tang National Agricultural Statistics Services, USDA 1400 Independence Ave., SW Washington, D.C 20250-2001 202 720 6957 Leanne_tang@nass.usda.gov SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration. Other brand and product names are trademarks of their respective companies. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information