Your SAS programs, embedded in web apps and elsewhere

Any way to turn off Wrapper Code in the Log?

Reply
Occasional Contributor
Posts: 8

Any way to turn off Wrapper Code in the Log?

I have a couple of stored processes that use passwords.  I'd like to put them out for others in my group but every time I execute one, the log shows all my prompt values including the password.  If I leave the process in SAS Enterprise Guide where I created it, I can turn off EG generated wrapper code but I see no option for that in stored processes.

Super User
Super User
Posts: 7,038

Re: Any way to turn off Wrapper Code in the Log?

Sounds like you are passing the password as a parameter.  Why not convert the logic so that instead a pointer to the password is passed?  Perhaps you could store the password in a database or SAS dataset and pass the name of the dataset.  Then the program logic of the stored password could mask the password when it uses it using NOMPRINT or similar settings.

Occasional Contributor
Posts: 8

Re: Any way to turn off Wrapper Code in the Log?

Thanks for your reply!

I considered picking them from a file but the passwords change all the time for which I am not responsible.  I can't encrypt them either because they go to platforms that can't understand the encryption routine.  The way I've been handling it now is to open up the stored process from SAS EG, run it and then remove it from the project.  What I really want is to turn off the wrapper code so my parms aren't visible.

Respected Advisor
Posts: 3,799

Re: Any way to turn off Wrapper Code in the Log?

I think that is what PWENCODE does.

Overview: PWENCODE Procedure

The PWENCODE procedure enables you to encode passwords. Encoded passwords can be used in place of plaintext passwords in SAS programs that access relational database management systems (RDBMSs) and various servers, such as SAS/CONNECT servers, SAS/SHARE servers, and SAS Integrated Object Model (IOM) servers (such as the SAS Metadata Server).

PROC Star
Posts: 1,167

Re: Any way to turn off Wrapper Code in the Log?


From "SAS 9.3 Stored Processes Developer's Guide"

Hiding Passwords and Other Sensitive Data

If you are creating a prompt for a password and want the text to be masked as the user is typing, use a text type prompt, and then select Masked single line (for password entry) as the text type. For more information, see the prompt help in SAS Management Console.

Even if you decide not to use a masked prompt, the SAS log exposes programs and input parameters, which could pose a security issue. There are some actions that you can take to hide passwords and other sensitive data from the SAS log. Password values are hidden from the SAS log for any input parameters with the _PASSWORD suffix anywhere in the parameter name (for example, ABC_PASSWORD, _PASSWORDABC). You can disable the SAS log with the DebugMask Web application initialization parameter. For more information, see “Debugging in the SAS Stored Process Web Application ” on page 134. You can also use the prefix _NOLOG_ with macro variables to hide request variable values.

The _NOLOG_ prefix enables you to create special macro variables that can be sent to the stored process server without publishing the macro variable values in the SAS log. The special macro variables must start with the prefix _NOLOG_. The prefix is not case sensitive. Here is an example of an input parameter with the _NOLOG_ prefix:

http://yourserver/SASStoredProcess/do?_program=/WebApps/Sales/Employee+Salary&_nolog_salary=secretpw

If _NOLOG_SALARY is displayed in the SAS logs, the log shows the following:

_NOLOG_SALARY=XXXXXXXX;Note:The _NOLOG_ prefix and the _PASSWORD suffix are effective only if your stored process is running on a stored process server.

Tom

Occasional Contributor
Posts: 8

Re: Any way to turn off Wrapper Code in the Log?

Well that makes a good argument for setting up a stored process server.  We've only got a logical workspace server.  But I still think we should be able to turn off that wrapper code just like you can in SAS EG.

Ask a Question
Discussion stats
  • 5 replies
  • 536 views
  • 0 likes
  • 4 in conversation