$PASSWD showing up in job log as my reAl password

Post questions here relative to DataStage Enterprise/PX Edition for such areas as Parallel job design, Parallel datasets, BuildOps, Wrappers, etc.

Moderators: chulett, rschirm, roy

Post Reply
tkmclean
Participant
Posts: 1
Joined: Wed May 31, 2006 8:21 am

$PASSWD showing up in job log as my reAl password

Post by tkmclean »

I have a TRANSFORMER that essentially executes a built up SQL statement. It works....However the log is actually showing my $userid and $passwd as plain text....BAD for SECURITY. the follwing is the derivation in the transfomer

UtilityRunJob("Write_" : DataObjName : "_TEMP",'$userid=': $userid : '|$passwd=': $passwd : "|SQL=": CallJob.SQL :"|Server_Name=" : ServerName : "|Output_Tbl=" : Output_TblName : "|FileName=" : SrcPrefix : CallJob.SOURCE_TBL : "|FieldName=" : CallJob.FIELD : "|RefTblName=" : CallJob.REF_LOC :"|Src_Schema=" : CallJob.SRC_SCHEMA:"|SRC_NAME=":SRC_NAME ,0,0)

the log shows my real username and password. How can I prevent this?
ArndW
Participant
Posts: 16318
Joined: Tue Nov 16, 2004 9:08 am
Location: Germany
Contact:

Post by ArndW »

Unfortunately you cannot avoid it when using the method your are using. I suppose you could set and environment variable elsewhere and thenjust use that environmetn variable in your command but, as you rightly observed, security with external calls such as this is rather lax.
chulett
Charter Member
Charter Member
Posts: 43085
Joined: Tue Nov 12, 2002 4:34 pm
Location: Denver, CO

Post by chulett »

I don't recall if the 'source' for that utility is available but I assume it is... you may be able to copy it and create a 'Silent' version, much like there exists one for ExecSH for the exact same reason. Copy it and see about not logging some (or all) of the information you're passing in.
-craig

"You can never have too many knives" -- Logan Nine Fingers
ArndW
Participant
Posts: 16318
Joined: Tue Nov 16, 2004 9:08 am
Location: Germany
Contact:

Post by ArndW »

Somebody doing a PORT.STATUS at the "correct" moment would still see the cleartext.
chulett
Charter Member
Charter Member
Posts: 43085
Joined: Tue Nov 12, 2002 4:34 pm
Location: Denver, CO

Post by chulett »

Still... it wouldn't be in the log. :wink:
-craig

"You can never have too many knives" -- Logan Nine Fingers
Post Reply