Architecting, installing and maintaining your SAS environment

Data base authentication details to database from SAS

Accepted Solution Solved
Reply
Contributor
Posts: 24
Accepted Solution

Data base authentication details to database from SAS

Hello All

I have come across the following statements

1. When a SAS program connects to a data base , and the program  sends authentication details to the database, the details are transmitted in clear text

2. When the database authentication details are stored  in Authentication domain  in the metadata server, metadata server transmits passwords to the database  in encrypted form

However my understanding is that in either case the passwords are transmitted in the same fashion .

I would appreciate if somebody can enlighten on this?


Accepted Solutions
Solution
a month ago
Trusted Advisor
Posts: 1,436

Re: Data base authentication details to database from SAS

Posted in reply to thesasuser

Just to complete what @KurtBremser mentioned:

 

Introduction to How SAS/ACCESS Workshttp://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=p0h7i...

 

SAS Security - http://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=n020g...

 

Securing Data
SAS preserves the data security provided by your DBMS and operating system. However, SAS/ACCESS does not override the security of your DBMS

 

All in all, 2 comments:

 

- You can always see/test by yourself, by putting a network sniffer between the SAS server and your database and capture the packages when the DBMS connection is set active. And you will get your answer, if it is understandable text or not.

 

- I would recommend you to drop this question at SAS Technical Support. This question on security seems to be the perfect fit for them, who can provide you the best and official answer.

 

 

 

 

 

View solution in original post


All Replies
Super User
Posts: 20,252

Re: Data base authentication details to database from SAS

Posted in reply to thesasuser

That’s probably a question for tech support. 

Trusted Advisor
Posts: 1,436

Re: Data base authentication details to database from SAS

Posted in reply to thesasuser

Hello @thesasuser,

 

The answer it is actually much easier. Traditionally, a SAS libname to a database looks like this, showing user and password, which sill be shown as is on the logs. Not very secure.

libname mydata odbc complete="driver=SQL Server;
                              user=user-ID;
                              pwd=password;
                              database=SQL-database;
                              Server=server-name" 
                   schema=schema-name;

However, if you have a SAS Metadata server, you can store your credential, besides on the libname definition, but on a system named an Authentication Domain. This Auth Domain is no more and no less than a name (say you call it myDBAuth). This name, will be atttached to your DB connection and to an account stored in the metadata. If this account is stored in a SAS usergroup insted of a SAS user, all the users in this group will connect to that database using the credentials on the account, and you will never see the password on the log.

 

Let me recommend you give a read to these docs:

http://support.sas.com/documentation/cdl/en/mcsecug/69854/HTML/default/viewer.htm#aboutum.htm as good introduction

and http://support.sas.com/documentation/cdl/en/engfedsrv/70118/HTML/default/viewer.htm#n0vqkim10g8j7on1...

http://documentation.sas.com/?docsetId=mcsecug&docsetTarget=n11xfvoau0jli0n1cl6rtfh5idfx.htm&docsetV...

http://documentation.sas.com/?docsetId=bisecag&docsetTarget=p1du6ccnyjmlkdn1pwc9q11m088w&docsetVersi...

Contributor
Posts: 24

Re: Data base authentication details to database from SAS

[ Edited ]
Posted in reply to JuanS_OCS

Thanks JuanS_OCS.

I appreciate your time and effort in replying to my query.

However my question is about how the authentication details are passed from the SAS metadata server to the database.

Is it plain text or encrypted. ?

My understanding is that whatever method one uses to connect to the database from SAS, (via authentication /domain metadata server route or directly using either libname / or proc sql connect to...) the credential would be passed in the same way.

I was wondering if anybody from the community could answer this?

Super User
Posts: 5,494

Re: Data base authentication details to database from SAS

Posted in reply to thesasuser
SAS "always" uses a local client as means of communication with the external database.
So in my mind, this is question how "they" pass the authentication information.
Data never sleeps
Contributor
Posts: 24

Re: Data base authentication details to database from SAS

Thanks LinusH.

I appreciate your time and efforts in replying.

I am sorry your reply does not answer my question.

 

Super User
Posts: 8,080

Re: Data base authentication details to database from SAS

Posted in reply to thesasuser

SAS uses the DB client to communicate with the DB. Since that client has to be installed on the SAS server, all communication with it runs over memory-protected sockets in the local environment, no encryption necessary. How that client then communicates with the DB server over the network connection is determined there, not in SAS.


thesasuser wrote:

Thanks LinusH.

I appreciate your time and efforts in replying.

I am sorry your reply does not answer my question.

 


 

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
Solution
a month ago
Trusted Advisor
Posts: 1,436

Re: Data base authentication details to database from SAS

Posted in reply to thesasuser

Just to complete what @KurtBremser mentioned:

 

Introduction to How SAS/ACCESS Workshttp://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=p0h7i...

 

SAS Security - http://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.2&docsetId=acreldb&docsetTarget=n020g...

 

Securing Data
SAS preserves the data security provided by your DBMS and operating system. However, SAS/ACCESS does not override the security of your DBMS

 

All in all, 2 comments:

 

- You can always see/test by yourself, by putting a network sniffer between the SAS server and your database and capture the packages when the DBMS connection is set active. And you will get your answer, if it is understandable text or not.

 

- I would recommend you to drop this question at SAS Technical Support. This question on security seems to be the perfect fit for them, who can provide you the best and official answer.

 

 

 

 

 

Contributor
Posts: 24

Re: Data base authentication details to database from SAS

Posted in reply to JuanS_OCS
Thanks you all for your efforts and replies.
☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 8 replies
  • 405 views
  • 4 likes
  • 5 in conversation