There is a table with important data. It is password protected. I would like to use this in a program. After processing the table I would use sha encryption. How do I unlock my password if:
-I would like it if the password was not visible in the code
-I would like it not to be visible in the log at run time
How could this problem be solved?
Thank you very much
If table means database table, and you're in a SAS metadata server environment, you've got lots of secure options for authentication. See e.g. this post from @ChrisHemedinger :
(And since it's almost 10 years old, there may be five newer strategies by now...)
Also see this other post by Chris, has examples of storing password (could be encrypted via pwencode value) in a secure text file, and reading that file to push the value to a macro variable.
https://blogs.sas.com/content/sasdummy/2018/01/16/hide-rest-api-tokens/
For the most part, if its obvious to SAS from the context of your code that a value is a password, e.g. (password=&password option or whatever), even if you have MPRINT on SAS won't show the resolved value in the log. Don't know about symbolgen.
You can use the PWENCODE procedure to encode the password: https://documentation.sas.com/?docsetId=proc&docsetTarget=n1vzmasf0tdebfn1xec0k1tevq7q.htm&docsetVer...
That doesn't prevent someone else copying the encoded version and using it in their own programs though.
Thanks! Yes but this will show the burned password in code. It will not be visible in the log but it is not enough now.
You can also make it a bit harder to find the password by storing it in a macro variable. By default SAS does not resolve macro variable values in SAS logs.
If you really want to secure your SAS table then store your data under a metadata bound library as documented here.
This will allow you to manage all data access via metadata security, you'll never have to pass a password via code, and you have multiple options how your physical data at rest should be encrypted.
If table means database table, and you're in a SAS metadata server environment, you've got lots of secure options for authentication. See e.g. this post from @ChrisHemedinger :
(And since it's almost 10 years old, there may be five newer strategies by now...)
Also see this other post by Chris, has examples of storing password (could be encrypted via pwencode value) in a secure text file, and reading that file to push the value to a macro variable.
https://blogs.sas.com/content/sasdummy/2018/01/16/hide-rest-api-tokens/
For the most part, if its obvious to SAS from the context of your code that a value is a password, e.g. (password=&password option or whatever), even if you have MPRINT on SAS won't show the resolved value in the log. Don't know about symbolgen.
Build your skills. Make connections. Enjoy creative freedom. Maybe change the world. Registration is now open through August 30th. Visit the SAS Hackathon homepage.
Register today!Learn how use the CAT functions in SAS to join values from multiple variables into a single value.
Find more tutorials on the SAS Users YouTube channel.
Select SAS Training centers are offering in-person courses. View upcoming courses for: