BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
thesasuser
Pyrite | Level 9

Hello All

I have come across the following statements

1. When a SAS program connects to a data base , and the program  sends authentication details to the database, the details are transmitted in clear text

2. When the database authentication details are stored  in Authentication domain  in the metadata server, metadata server transmits passwords to the database  in encrypted form

However my understanding is that in either case the passwords are transmitted in the same fashion .

I would appreciate if somebody can enlighten on this?

1 ACCEPTED SOLUTION

Accepted Solutions
JuanS_OCS
Amethyst | Level 16

Just to complete what @Kurt_Bremser mentioned:

 

Introduction to How SAS/ACCESS Workshttp://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=p0h7i...

 

SAS Security - http://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=n020g...

 

Securing Data
SAS preserves the data security provided by your DBMS and operating system. However, SAS/ACCESS does not override the security of your DBMS

 

All in all, 2 comments:

 

- You can always see/test by yourself, by putting a network sniffer between the SAS server and your database and capture the packages when the DBMS connection is set active. And you will get your answer, if it is understandable text or not.

 

- I would recommend you to drop this question at SAS Technical Support. This question on security seems to be the perfect fit for them, who can provide you the best and official answer.

 

 

 

 

 

View solution in original post

8 REPLIES 8
Reeza
Super User

That’s probably a question for tech support. 

JuanS_OCS
Amethyst | Level 16

Hello @thesasuser,

 

The answer it is actually much easier. Traditionally, a SAS libname to a database looks like this, showing user and password, which sill be shown as is on the logs. Not very secure.

libname mydata odbc complete="driver=SQL Server;
                              user=user-ID;
                              pwd=password;
                              database=SQL-database;
                              Server=server-name" 
                   schema=schema-name;

However, if you have a SAS Metadata server, you can store your credential, besides on the libname definition, but on a system named an Authentication Domain. This Auth Domain is no more and no less than a name (say you call it myDBAuth). This name, will be atttached to your DB connection and to an account stored in the metadata. If this account is stored in a SAS usergroup insted of a SAS user, all the users in this group will connect to that database using the credentials on the account, and you will never see the password on the log.

 

Let me recommend you give a read to these docs:

http://support.sas.com/documentation/cdl/en/mcsecug/69854/HTML/default/viewer.htm#aboutum.htm as good introduction

and http://support.sas.com/documentation/cdl/en/engfedsrv/70118/HTML/default/viewer.htm#n0vqkim10g8j7on1...

http://documentation.sas.com/?docsetId=mcsecug&docsetTarget=n11xfvoau0jli0n1cl6rtfh5idfx.htm&docsetV...

http://documentation.sas.com/?docsetId=bisecag&docsetTarget=p1du6ccnyjmlkdn1pwc9q11m088w&docsetVersi...

thesasuser
Pyrite | Level 9

Thanks JuanS_OCS.

I appreciate your time and effort in replying to my query.

However my question is about how the authentication details are passed from the SAS metadata server to the database.

Is it plain text or encrypted. ?

My understanding is that whatever method one uses to connect to the database from SAS, (via authentication /domain metadata server route or directly using either libname / or proc sql connect to...) the credential would be passed in the same way.

I was wondering if anybody from the community could answer this?

LinusH
Tourmaline | Level 20
SAS "always" uses a local client as means of communication with the external database.
So in my mind, this is question how "they" pass the authentication information.
Data never sleeps
thesasuser
Pyrite | Level 9

Thanks LinusH.

I appreciate your time and efforts in replying.

I am sorry your reply does not answer my question.

 

Kurt_Bremser
Super User

SAS uses the DB client to communicate with the DB. Since that client has to be installed on the SAS server, all communication with it runs over memory-protected sockets in the local environment, no encryption necessary. How that client then communicates with the DB server over the network connection is determined there, not in SAS.


@thesasuser wrote:

Thanks LinusH.

I appreciate your time and efforts in replying.

I am sorry your reply does not answer my question.

 


 

JuanS_OCS
Amethyst | Level 16

Just to complete what @Kurt_Bremser mentioned:

 

Introduction to How SAS/ACCESS Workshttp://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=p0h7i...

 

SAS Security - http://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=n020g...

 

Securing Data
SAS preserves the data security provided by your DBMS and operating system. However, SAS/ACCESS does not override the security of your DBMS

 

All in all, 2 comments:

 

- You can always see/test by yourself, by putting a network sniffer between the SAS server and your database and capture the packages when the DBMS connection is set active. And you will get your answer, if it is understandable text or not.

 

- I would recommend you to drop this question at SAS Technical Support. This question on security seems to be the perfect fit for them, who can provide you the best and official answer.

 

 

 

 

 

thesasuser
Pyrite | Level 9
Thanks you all for your efforts and replies.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 8 replies
  • 2330 views
  • 4 likes
  • 5 in conversation