Title: How to hide the user and password used to connect to an RDBMS
One of the key runtime properties (among others) used to connect to an RDBMS from isCOBOL is iscobol.jdbc.url. It is usually kept in a plain-text properties file. For example, the following properties would be included to connect to an Oracle DB:

    iscobol.jdbc.url=jdbc:oracle:thin:orauser1/0raPw1@127.0.0.1:1521:xe
    iscobol.jdbc.driver=oracle.jdbc.OracleDriver

The user "orauser1" and the password "0raPw1" are clearly visible in plain sight. However, by leveraging the ability of isCOBOL to set runtime properties dynamically, they can be hidden by following these tips.

1. Create an ISAM file to store the user and password, with one field for each. For example:

       fd  db-credentials.
       01  db-cred-rec.
           05 db-user     pic x(10).
           05 db-password pic x(16).

2. Create an isCOBOL program to save the user and password in that ISAM file, just as you would save any other data in an indexed file. For the password, however, you can use the "a$encrypt" system routine to encrypt it before saving. See the following excerpt:

           call "a$encrypt" using ws-password "thekey01" db-password

3. Remove the iscobol.jdbc.url property from your text properties file.
4. In the connection program, before the CONNECT statement, read the ISAM file and decrypt the password as follows:

           call "a$decrypt" using db-password "thekey01" ws-password

5. Finally, build the jdbc.url property dynamically as follows, just before the CONNECT statement:

       connect-to-db.
           initialize ws-jdbc-url
           string "jdbc:oracle:thin:"  delimited by size
                  db-user              delimited by trailing spaces
                  "/"                  delimited by size
                  ws-password          delimited by trailing spaces
                  "@127.0.0.1:1521:xe"
                  into ws-jdbc-url
           end-string
           set environment "jdbc.url" to ws-jdbc-url

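Steps 4 and 5 combined into one callable program, as an added example that is not Veryant's code: it reads the credentials record, decrypts the password, sets the property, and reports a missing or empty credentials file through return-code instead of building a broken URL. The program name SETDBURL, the file name "dbcred", the SELECT clause (record key db-user), ws-fs and the working-storage sizes are assumptions; the FD, the key literal and the URL parts come from the steps above.

```cobol
      *> Added example (assumed names: setdburl, "dbcred", ws-fs).
      *> return-code 0 = property set, 1 = credentials unavailable.
       identification division.
       program-id. setdburl.
       environment division.
       input-output section.
       file-control.
           select db-credentials assign to "dbcred"
               organization is indexed
               access mode is sequential
               record key is db-user
               file status is ws-fs.
       data division.
       file section.
       fd  db-credentials.
       01  db-cred-rec.
           05 db-user      pic x(10).
           05 db-password  pic x(16).
       working-storage section.
       01  ws-fs        pic xx.
       01  ws-password  pic x(16).
       01  ws-jdbc-url  pic x(128).
       procedure division.
       main-logic.
           open input db-credentials
           if ws-fs not = "00"
              move 1 to return-code
              goback
           end-if
           read db-credentials next record
              at end
                 close db-credentials
                 move 1 to return-code
                 goback
           end-read
           close db-credentials
           call "a$decrypt" using db-password "thekey01" ws-password
           initialize ws-jdbc-url
           string "jdbc:oracle:thin:"  delimited by size
                  db-user              delimited by trailing spaces
                  "/"                  delimited by size
                  ws-password          delimited by trailing spaces
                  "@127.0.0.1:1521:xe" delimited by size
                  into ws-jdbc-url
           end-string
           set environment "jdbc.url" to ws-jdbc-url
      *>   Blank the working-storage copies of the plain-text password.
           move spaces to ws-password ws-jdbc-url
           move 0 to return-code
           goback.
```

Call it from the connection program immediately before the CONNECT statement and proceed only when return-code is 0. Because the key literal "thekey01" is compiled into both the saving and the connecting program, anyone who can read the program and the ISAM file can recover the password, so file-system permissions on both still matter.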
Authored by: Veryant Support on Thu, Sep 20th, 2018 at 7:00 PM
Online URL: http://support.veryant.com/support/phpkb/question.php?ID=297