How to hide the user and password used to connect to an RDBMS

Question ID : 297
Created on 2018-09-20 at 10:12 AM
Author : Veryant Support []

Online URL :

One of the key runtime properties used to connect to an RDBMS from isCOBOL is the iscobol.jdbc.url (among others). It is usually included in a text formatted properties file. For example, the following properties would be included to connect to an Oracle DB.

It is clear that the user "orauser1" and the password "0raPw1" are visible at plain sight.
However, by leveraging the ability of isCOBOL to set runtime properties dynamically, those could be hidden following these tips.

1. Create an ISAM file to store the user and password, including 1 field for each one. For example.
 fd  db-credentials.
 01  db-cred-rec.
     05 db-user     pic x(10).
     05 db-password pic x(16).

2. Create an isCOBOL program to save the user and password on that ISAM file, just as you would save any other data on an indexed file.
Instead, for the password you may use the "a$encrypt" system routine to encrypt it before saving. See the following excerpt.

    call "a$encrypt" using ws-password 

3. Remove the iscobol.jdbc.url property from your text properties file.

4. On the connection program, before the CONNECT statement you will read the ISAM file and decrypt the password as follows.

    call "a$decrypt" using db-password 

5. Finally put together the jdbc.url property dynamically as follows, just before the CONNECT statement.

    initialize ws-jdbc-url
    string "jdbc:oracle:thin:" delimited by size
           db-user delimited by trailing spaces
           "/" delimited by size
           ws-password delimited by trailing spaces
      into ws-jdbc-url

    set environment "jdbc.url"
        to ws-jdbc-url

Back to Original Question