Presentation is loading. Please wait.

Presentation is loading. Please wait.

Architecture + system-based How to assign passwords

Published byOphelia Ward Modified over 5 years ago

Similar presentations

Presentation on theme: "Architecture + system-based How to assign passwords"— Presentation transcript:

1 Architecture + system-based How to assign passwords
Password Protection of SAS® Enterprise Guide® Projects Thomas E. Billings MUFG Union Bank, N.A., San Francisco, California Abstract More on passwords Architecture + system-based SAS® Enterprise Guide® lets a user assign a password to a project, after which any/all users must enter the correct password to be able to open and run the project. In this paper we test the security of password protected projects against 2 hacks. We first present a sample project that has multiple types of Tasks that will be used for testing. Before assigning a password to the project, we demonstrate a simple hack that facilitates the examination of some of the internal metadata of a SAS Enterprise Guide project, i.e., a .egp file. Then we assign a password to the sample project and repeat the hack on the password-protected project, with the result that the hack does not work. Next, we try another simple hack - viewing the .egp file in a text editor - and find that this does not work either. The tests here provide independent confirmation that password-protected .egp files are secure against the 2 hacks demonstrated. We end with a brief discussion on .egp file metadata and its role in the SAS ecosystem. SAS products: SAS Enterprise Guide. User-level: beginner. To remove password protection from an open, password-protected project, repeat the previous process with a “null” password. Above are manual methods; direct update of metadata via batch may be possible. Hacks #1 & #2 don’t work – and that is good! Password protection of projects is 1 layer in a multi-layer security approach that includes OS and SAS metadata security, encryption, etc. Higher security alternatives: stored process on a server instead of a project scheduled, production batch program on a server Security: Hack #1 Assumption: project file saved on MS Windows system Well-known: .egp project files are zipped directories (Hemedinger 2014). Hack #1 -- unzip a project file: Create a separate directory for the unzip Make a copy of the target project in the new directory Rename the *.egp file to *.zip so it can be unzipped Unzip the project .zip file; extract all files. Hack #1 WORKS for project files that are not password protected Hack #1 FAILS for password protected project files – need password for unzip to succeed Hack #1 and metadata Some SAS users work in environments where metadata has limited use: “PC SAS”, mainframe, batch. It may be informative for some legacy users to use hack #1 on a small project of their own, to see firsthand that their projects are zipped files of metadata that can be xml, srx, sas, log, and possibly other types of files. This may help increase understanding of metadata. How to assign passwords To assign a password to an open SAS ® Enterprise Guide ® project, use the menu: Click: File  Project Properties  Security Enter password Click OK Reenter password (2nd validation step; required) Save the project After the above, project access requires the password. Security: Hack #2 Trademark notice String constants in compiled files may be revealed if the compiled file is opened with an ordinary text editor! This is an issue with compiled, encrypted SAS macros; also some programming languages. Hack #2: use a text editor to open a project file, search for the project password Hack #2 fails -- project password is NOT visible SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Disclaimer: The contents of the paper herein are solely the author’s thoughts and opinions, which do not represent those of MUFG Union Bank N.A. The bank does not endorse, recommend, or promote any of the computing architectures, platforms, software, programming techniques or styles referenced in this paper.

Download ppt "Architecture + system-based How to assign passwords"

Similar presentations

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.

Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.
®® Microsoft Windows 7 for Power Users Tutorial 5 Comparing Windows 7 File Systems.

®® Microsoft Windows 7 for Power Users Tutorial 5 Comparing Windows 7 File Systems.
Step By Step Windows Server 2003 Installation Guide Step By Step Windows Server 2003 Installation Guide.

Step By Step Windows Server 2003 Installation Guide Step By Step Windows Server 2003 Installation Guide.
BlowFish 2000 Copyright © 1986-2002 by Gregory Braun. All rights reserved Installation and Users Guide by Robert Moncrief II.

BlowFish 2000 Copyright © by Gregory Braun. All rights reserved Installation and Users Guide by Robert Moncrief II.
Professional Encryption Software FINECRYPT 8.1. Contents Introduction Introduction Features Features Installation Installation Tests Tests Results Results.

Professional Encryption Software FINECRYPT 8.1. Contents Introduction Introduction Features Features Installation Installation Tests Tests Results Results.
Click to edit Master subtitle style Mobile Test Suite Installation and configuration Paul Shepherd Senior Repair Technician Zebra Technologies Europe Limited.

Click to edit Master subtitle style Mobile Test Suite Installation and configuration Paul Shepherd Senior Repair Technician Zebra Technologies Europe Limited.
Use Your Favourite Program Editor Duong Tran – Independent Contractor, London, UK Use Your Favourite Program Editor Duong Tran – Independent Contractor,

Use Your Favourite Program Editor Duong Tran – Independent Contractor, London, UK Use Your Favourite Program Editor Duong Tran – Independent Contractor,
Separating the Interface from the Engine: Creating Custom Add-in Tasks for SAS Enterprise Guide ® Peter Eberhardt Fernwood Consulting Group Inc.

Separating the Interface from the Engine: Creating Custom Add-in Tasks for SAS Enterprise Guide ® Peter Eberhardt Fernwood Consulting Group Inc.
Introduction to Morpho RCN Workshop Samantha Romanello Long Term Ecological Research University of New Mexico.

Introduction to Morpho RCN Workshop Samantha Romanello Long Term Ecological Research University of New Mexico.
Copyright © 2005, SAS Institute Inc. All rights reserved. SAS is a registered trademark or trademark of SAS Institute Inc. in the USA and other countries.

Copyright © 2005, SAS Institute Inc. All rights reserved. SAS is a registered trademark or trademark of SAS Institute Inc. in the USA and other countries.
FILE MANAGEMENT Computer Basics 1.3. FILE EXTENSIONS.txt.pdf.jpg.bmp.png.zip.wav.mp3.doc.docx.xls.xlsx.ppt.pptx.accdb.

FILE MANAGEMENT Computer Basics 1.3. FILE EXTENSIONS.txt.pdf.jpg.bmp.png.zip.wav.mp3.doc.docx.xls.xlsx.ppt.pptx.accdb.
® IBM Software Group ©IBM Corporation IBM Information Server Architecture Overview.

® IBM Software Group ©IBM Corporation IBM Information Server Architecture Overview.
Module 1 VASC Websites Copyright 2006 VeriFone, Inc. All rights reserved. No part of this publication may be copied, distributed, stored in a retrieval.

Module 1 VASC Websites Copyright 2006 VeriFone, Inc. All rights reserved. No part of this publication may be copied, distributed, stored in a retrieval.
Hyperion Artifact Life Cycle Management Agenda  Overview  Demo  Tips & Tricks  Takeaways  Queries.

Hyperion Artifact Life Cycle Management Agenda  Overview  Demo  Tips & Tricks  Takeaways  Queries.
CHAPTER Windows Server Management. Chapter Objectives Give an overview of the Server Manager Provide details of accessing the Server Manager Explain the.

CHAPTER Windows Server Management. Chapter Objectives Give an overview of the Server Manager Provide details of accessing the Server Manager Explain the.
1 Lesson 14 Sharing Documents Computer Literacy BASICS: A Comprehensive Guide to IC 3, 4 th Edition Morrison / Wells.

1 Lesson 14 Sharing Documents Computer Literacy BASICS: A Comprehensive Guide to IC 3, 4 th Edition Morrison / Wells.
Copyright 2007, Information Builders. Slide 1 iWay Web Services and WebFOCUS Consumption Michael Florkowski Information Builders.

Copyright 2007, Information Builders. Slide 1 iWay Web Services and WebFOCUS Consumption Michael Florkowski Information Builders.
Virtual Machines Module 2. Objectives Define virtual machine Define common terminology Identify advantages and disadvantages Determine what software is.

Virtual Machines Module 2. Objectives Define virtual machine Define common terminology Identify advantages and disadvantages Determine what software is.
Product Training 1 JetFlash Software Application.

Product Training 1 JetFlash Software Application.

Similar presentations

Ads by Google