How to hide the username and password used to connect to an RDBMS
One of the key runtime properties used to connect to an RDBMS from isCOBOL is iscobol.jdbc.url. It is usually set in a plain-text properties file. For example, the following properties would be used to connect to an Oracle DB:
iscobol.jdbc.url=jdbc:oracle:thin:orauser1/0raPw1@127.0.0.1:1521:xe
iscobol.jdbc.driver=oracle.jdbc.OracleDriver
Notice that the user "orauser1" and the password "0raPw1" are readable by anyone who can open the properties file. Because isCOBOL can set runtime properties dynamically, the credentials can be kept out of that file. Here are the steps:
1. Create an ISAM file to store the user and password, with one field for each. For example:
fd  db-credentials.
01  db-cred-rec.
    05 db-user        pic x(10).
    05 db-password    pic x(16).
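2. Create an isCOBOL program to save the user and password in that ISAM file, just as you would save any other data in an indexed file. For the password you can use the "a$encrypt" system routine to encrypt it before saving. Because the key is a literal in the program, the stored password is only as well protected as the compiled program and the ISAM file themselves, so restrict access to both. For example: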
call "a$encrypt" using ws-password "thekey01" db-password
3. Remove the iscobol.jdbc.url property from your text properties file.
4. Before the CONNECT statement in the connection program, read the ISAM file and decrypt the password with the same key, as follows:
call "a$decrypt" using db-password "thekey01" ws-password
5. Use the decrypted password to build the jdbc.url property dynamically just before the CONNECT statement:
connect-to-db.
    initialize ws-jdbc-url
    string "jdbc:oracle:thin:" delimited by size
           db-user             delimited by trailing spaces
           "/"                 delimited by size
           ws-password         delimited by trailing spaces
           "@127.0.0.1:1521:xe"
           into ws-jdbc-url
    end-string
    set environment "jdbc.url"
        to ws-jdbc-url
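
The credential-saving program from step 2, written out in full as an added example (it is not code from the original article). The program name, the file name "dbcred", the use of db-user as the record key, the file-status item and the sizes of ws-user and ws-password are assumptions made for this example.

```cobol
       identification division.
       program-id. savecred.
       environment division.
       input-output section.
       file-control.
      *> "dbcred" is a hypothetical file name chosen for this example.
           select db-credentials assign to "dbcred"
               organization is indexed
               access mode is dynamic
               record key is db-user
               file status is ws-file-status.
       data division.
       file section.
       fd  db-credentials.
       01  db-cred-rec.
           05 db-user        pic x(10).
           05 db-password    pic x(16).
       working-storage section.
      *> Assumed sizes; the article does not define these items.
       01  ws-user           pic x(10).
       01  ws-password       pic x(16).
       01  ws-file-status    pic xx.
       procedure division.
       main-logic.
           display "DB user: "
           accept ws-user
           display "DB password: "
           accept ws-password
           open output db-credentials
           if ws-file-status not = "00"
               display "open failed, status " ws-file-status
               goback
           end-if
           move ws-user to db-user
      *> Same call and key as step 2; step 4 must use the same key.
           call "a$encrypt" using ws-password "thekey01" db-password
           write db-cred-rec
           if ws-file-status not = "00"
               display "write failed, status " ws-file-status
           end-if
      *> Clear the plaintext copy before the program ends.
           move spaces to ws-password
           close db-credentials
           goback.
```

Run this once per environment, then limit read access on the resulting ISAM file to the account that runs the connection program.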