Quick note from Paul: I’m really excited that platformadmin.com’s very first guest post is from the well known blogger and author Tricia Aanderud. I suspect you already know Tricia, but just in case you don’t …
Tricia Aanderud, president of And Data, Inc., provides SAS® consulting services to corporations who need assistance understanding how to transform their data into meaningful charts, reports, and dashboards. Tricia has been an enthusiastic SAS user since 2002 and has presented papers at the SAS Global Forum and other industry conferences. She is the co-author of two SAS BI books, “Building Business Intelligence with SAS: Content Development Examples” and “The 50 Keys to Learning SAS Stored Processes”.
Now over to Tricia …
I frequently find myself querying the metadata to assist with understanding a new customer system or trying to navigate one of my demo systems. As a result, I find I have many utilities that I want to share with customers. However, since these connect to the metadata with an active password, I don’t want to share my password. Using the SAS PWENCODE procedure, I can encode my password in a SAS program and voilà! a way to share the code and shield the password.
Encoding the Password
The PWENCODE procedure allows you to encode passwords that are used in place of plaintext passwords in SAS programs.
The following figure shows the PWENCODE procedure in a simple way. My example password, Pa55w0rd!, is placed in quotes. You can use different encoding methods, which you can read more about in the SAS PWENCODE procedure documentation.
The encoded password appears in the log also showing the encoding method (SAS002).
Using Your Password in Code
Here’s an example of a recent program I created to inventory the stored processes on the server. [Angela published the code for this stored process inventory in her SAS BI Blog.]
Here’s the basic process:
- Run the PWENCODE procedure with the password you want to encode.
- Go to the log and copy the password.
- Paste the password in your program. Voilà!
A Word of Caution
As noted in the SAS user documentation, encoding is a way to conceal passwords. This method is intended to “prevent casual, non-malicious viewing of passwords”. A hacker could break this password without much effort is what they are trying to communicate.
Also – remember this is just your password encoded – so it’s still a password. For instance, you can copy this password into a SAS Enterprise Guide Connection Profile and you’re in! This may not be the result you were seeking – however, if you have forgotten your password – this might be a lifesaver.
Better Method for Using Encoded Passwords
If you intend to use an encoded password in a SAS program – then you should consider placing it in a macro variable and storing the macro elsewhere. Here’s an example of this method so you can see the idea.
The metadata connection information is placed in a separate file that is included (or called) at execution time. Obviously, you want to go to special pains to protect the included “SuperSecretInfo” program.
More Information
For more information about using the SAS BI toolset, SAS Enterprise Guide, and writing SAS stored processes, visit my blog, Business Intelligence Notes for SAS BI Users.
If you must have passwords in code, it’s a good idea to “obscure” them — but even better to eliminate the passwords completely from you programs, if you can.
I agree – great suggestion when possible.