BookmarkSubscribeRSS Feed
Hetty
Calcite | Level 5

I have a couple of stored processes that use passwords.  I'd like to put them out for others in my group but every time I execute one, the log shows all my prompt values including the password.  If I leave the process in SAS Enterprise Guide where I created it, I can turn off EG generated wrapper code but I see no option for that in stored processes.

5 REPLIES 5
Tom
Super User Tom
Super User

Sounds like you are passing the password as a parameter.  Why not convert the logic so that instead a pointer to the password is passed?  Perhaps you could store the password in a database or SAS dataset and pass the name of the dataset.  Then the program logic of the stored password could mask the password when it uses it using NOMPRINT or similar settings.

Hetty
Calcite | Level 5

Thanks for your reply!

I considered picking them from a file but the passwords change all the time for which I am not responsible.  I can't encrypt them either because they go to platforms that can't understand the encryption routine.  The way I've been handling it now is to open up the stored process from SAS EG, run it and then remove it from the project.  What I really want is to turn off the wrapper code so my parms aren't visible.

data_null__
Jade | Level 19

I think that is what PWENCODE does.

Overview: PWENCODE Procedure

The PWENCODE procedure enables you to encode passwords. Encoded passwords can be used in place of plaintext passwords in SAS programs that access relational database management systems (RDBMSs) and various servers, such as SAS/CONNECT servers, SAS/SHARE servers, and SAS Integrated Object Model (IOM) servers (such as the SAS Metadata Server).

TomKari
Onyx | Level 15


From "SAS 9.3 Stored Processes Developer's Guide"

Hiding Passwords and Other Sensitive Data

If you are creating a prompt for a password and want the text to be masked as the user is typing, use a text type prompt, and then select Masked single line (for password entry) as the text type. For more information, see the prompt help in SAS Management Console.

Even if you decide not to use a masked prompt, the SAS log exposes programs and input parameters, which could pose a security issue. There are some actions that you can take to hide passwords and other sensitive data from the SAS log. Password values are hidden from the SAS log for any input parameters with the _PASSWORD suffix anywhere in the parameter name (for example, ABC_PASSWORD, _PASSWORDABC). You can disable the SAS log with the DebugMask Web application initialization parameter. For more information, see “Debugging in the SAS Stored Process Web Application ” on page 134. You can also use the prefix _NOLOG_ with macro variables to hide request variable values.

The _NOLOG_ prefix enables you to create special macro variables that can be sent to the stored process server without publishing the macro variable values in the SAS log. The special macro variables must start with the prefix _NOLOG_. The prefix is not case sensitive. Here is an example of an input parameter with the _NOLOG_ prefix:

http://yourserver/SASStoredProcess/do?_program=/WebApps/Sales/Employee+Salary&_nolog_salary=secretpw

If _NOLOG_SALARY is displayed in the SAS logs, the log shows the following:

_NOLOG_SALARY=XXXXXXXX;Note:The _NOLOG_ prefix and the _PASSWORD suffix are effective only if your stored process is running on a stored process server.

Tom

Hetty
Calcite | Level 5

Well that makes a good argument for setting up a stored process server.  We've only got a logical workspace server.  But I still think we should be able to turn off that wrapper code just like you can in SAS EG.

sas-innovate-2024.png

Join us for SAS Innovate April 16-19 at the Aria in Las Vegas. Bring the team and save big with our group pricing for a limited time only.

Pre-conference courses and tutorials are filling up fast and are always a sellout. Register today to reserve your seat.

 

Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 5 replies
  • 2253 views
  • 1 like
  • 4 in conversation