cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
ger15xxhcker
Quartz | Level 8 ger15xxhcker
Quartz | Level 8
Go to Solution

table password hideing, unlocking

Posted 01-23-2020 01:51 PM (1469 views)

There is a table with important data. It is password protected. I would like to use this in a program. After processing the table I would use sha encryption. How do I unlock my password if:

 

-I would like it if the password was not visible in the code
-I would like it not to be visible in the log at run time

How could this problem be solved?

 

Thank you very much

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
Quentin
Super User Quentin
Super User

Re: table password hideing, unlocking

Posted 01-23-2020 04:56 PM (1417 views)  |   In reply to ger15xxhcker

If table means database table, and you're in a SAS metadata server environment, you've got lots of secure options for authentication.  See e.g. this post from @ChrisHemedinger :

 

https://blogs.sas.com/content/sasdummy/2010/11/23/five-strategies-to-eliminate-passwords-from-your-s...

 

(And since it's almost 10 years old, there may be five newer strategies by now...)

 

Also see this other post by Chris, has examples of storing password (could be encrypted via pwencode value) in a secure text file, and reading that file to push the value to a macro variable.

 

https://blogs.sas.com/content/sasdummy/2018/01/16/hide-rest-api-tokens/

 

For the most part, if its obvious to SAS from the context of your code that a value is a password, e.g. (password=&password option or whatever), even if you have MPRINT on SAS won't show the resolved value in the log.  Don't know about symbolgen.

View solution in original post

5 REPLIES 5
SASKiwi
PROC Star SASKiwi
PROC Star

Re: table password hideing, unlocking

Posted 01-23-2020 01:58 PM (1466 views)  |   In reply to ger15xxhcker

You can use the PWENCODE procedure to encode the password: https://documentation.sas.com/?docsetId=proc&docsetTarget=n1vzmasf0tdebfn1xec0k1tevq7q.htm&docsetVer...

 

That doesn't prevent someone else copying the encoded version and using it in their own programs though.

0 Likes
ger15xxhcker
Quartz | Level 8 ger15xxhcker
Quartz | Level 8

Re: table password hideing, unlocking

Posted 01-23-2020 02:04 PM (1463 views)  |   In reply to SASKiwi

Thanks! Yes but this will show the burned password in code. It will not be visible in the log but it is not enough now.

0 Likes
SASKiwi
PROC Star SASKiwi
PROC Star

Re: table password hideing, unlocking

Posted 01-23-2020 03:15 PM (1429 views)  |   In reply to ger15xxhcker

You can also make it a bit harder to find the password by storing it in a macro variable. By default SAS does not resolve macro variable values in SAS logs.

Patrick
Opal | Level 21 Patrick
Opal | Level 21

Re: table password hideing, unlocking

Posted 01-23-2020 10:10 PM (1396 views)  |   In reply to ger15xxhcker

@ger15xxhcker 

If you really want to secure your SAS table then store your data under a metadata bound library as documented here.

This will allow you to manage all data access via metadata security, you'll never have to pass a password via code, and you have multiple options how your physical data at rest should be encrypted.

0 Likes
Quentin
Super User Quentin
Super User

Re: table password hideing, unlocking

Posted 01-23-2020 04:56 PM (1418 views)  |   In reply to ger15xxhcker

If table means database table, and you're in a SAS metadata server environment, you've got lots of secure options for authentication.  See e.g. this post from @ChrisHemedinger :

 

https://blogs.sas.com/content/sasdummy/2010/11/23/five-strategies-to-eliminate-passwords-from-your-s...

 

(And since it's almost 10 years old, there may be five newer strategies by now...)

 

Also see this other post by Chris, has examples of storing password (could be encrypted via pwencode value) in a secure text file, and reading that file to push the value to a macro variable.

 

https://blogs.sas.com/content/sasdummy/2018/01/16/hide-rest-api-tokens/

 

For the most part, if its obvious to SAS from the context of your code that a value is a password, e.g. (password=&password option or whatever), even if you have MPRINT on SAS won't show the resolved value in the log.  Don't know about symbolgen.

hackathon24-white-horiz.png

The 2025 SAS Hackathon has begun!

It's finally time to hack! Remember to visit the SAS Hacker's Hub regularly for news and updates.

Latest Updates

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Watch How to Concatenate Values on YouTube

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 5 replies
  • ‎01-23-2020 01:51 PM
  • 1470 views
  • 3 likes
  • 4 in conversation