topic EG Custom Task Security in SAS Enterprise Guide

EG Custom Task Security

sdennett — Thu, 24 Oct 2019 19:35:45 GMT

I have a user on my team who found a custom task online that he wants to use, and thinks that other users in our org might find useful as well. One thing that came up, though, in our conversation was how secure/safe we are downloading a custom task from from somewhere online. I'm wondering if anyone has any advice on how to vet custom tasks prior to installing/distributing internally, or if SAS has a repository of vetted and supported custom tasks available? Or, do custom tasks operate in a way that sandboxes them to ensure data is securely handled?

Re: EG Custom Task Security

ChrisHemedinger — Thu, 24 Oct 2019 19:45:05 GMT

If the task is one that I created, then I will say "it's safe." Many of the tasks I built early on and distributed are now part of the main application anyway.

In general, it's a good idea to find out from the task creator exactly what the task is going to do. Assuming it's a .NET assembly (it must be), it is possible to disassemble the DLL using standard tools and review it thoroughly. But...that's overkill if you can trust the source.

When downloading a task from the internet, this additional step is almost always necessary to install.