FOCEXEC Security

Most data security issues are best handled by the FOCUS DBA facility.

However, some additional data security facilities are incorporated within Dialogue Manager. These are:

External security systems can also set passwords through the FOCUSID exit routine.

Suppressing Password Display

The NODISPLAY attribute can be used with -CRTFORM to create a password prompt with no display of the input characters.

Syntax: How to Suppress Password Display

<.NODISP.&mypass

Example: Suppressing Password Display

In the following example, the .NODISP attribute before the variable instructs the system to accept the response without displaying it, and to set the password to the value that was altered:

-SET &MYPASS = '12345678' ;
-CRTFORM
-" ENTER YOUR PASSWORD <.NODISP.&MYPASS "
SET PASS = &MYPASS

Setting a Password in an Encrypted FOCEXEC

Passwords can be set within FOCEXECs and tied to different portions of FOCEXECs according to this syntax:

-PASS password

Since -PASS is a Dialogue Manager command, it executes immediately and is not sent to the FOCSTACK. This means that the user need not issue the password with the SET command. It also means that the password is not visible to anyone. Of course, the procedure must be encrypted so that printing the procedure cannot reveal the password.

Defining Variable Passwords

The Dialogue Manager command -PASS can have a variable attached to it as well as a literal. The syntax is:

-PASS &value

For example:

-PASS &MYPASS
-PASS &VAL.ENTER YOUR PASSWORD.

This command is only visible when editing the FOCEXEC. It does not appear when the ECHO option is ALL and is not printed in a batch run log.
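
The following is an added example, not part of the original documentation. It is a small Python check that scans the readable (unencrypted) text of a FOCEXEC for the two exposures discussed above: a literal password on -PASS or SET PASS, and a password variable prompted on a -CRTFORM line without .NODISP. The function name, the finding texts and the sample procedure are assumptions made for illustration.

```python
import re

# -PASS <value> and SET PASS = <value>: the two ways the page sets a password.
PASS_CMD = re.compile(r'^(?:-PASS\s+|SET\s+PASS\s*=\s*)(\S+)', re.I)
# Input field on a -CRTFORM screen line: <&VAR or <.ATTR.&VAR
FIELD = re.compile(r'<((?:\.\w+)+\.)?&(\w+)')


def audit_focexec(source):
    """Return sorted (line_no, finding) pairs for readable FOCEXEC text."""
    findings, pass_vars, prompts = [], set(), []
    for no, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        m = PASS_CMD.match(line)
        if m:
            value = m.group(1)
            if value.startswith('&'):
                # "&VAL.prompt text." -> the variable name is the part before '.'
                pass_vars.add(value[1:].split('.')[0].upper())
            else:
                findings.append((no, 'literal password readable in source'))
        elif line.startswith('-"'):
            for attrs, var in FIELD.findall(line):
                prompts.append((no, var.upper(), 'NODISP' in attrs.upper()))
    # Second pass: a prompt usually appears before the PASS line that uses it.
    for no, var, hidden in prompts:
        if var in pass_vars and not hidden:
            findings.append((no, 'password field &%s displays input' % var))
    return sorted(findings)


# Constructed sample procedure (not from the page); EXAMPLEPW is a placeholder.
SAMPLE = """\
-CRTFORM
-" ENTER YOUR PASSWORD <&MYPASS "
-" REGION <&REGION "
SET PASS = &MYPASS
-PASS EXAMPLEPW
-CRTFORM
-" ENTER DBA PASSWORD <.NODISP.&DBAPW "
-PASS &DBAPW
"""

if __name__ == '__main__':
    for no, finding in audit_focexec(SAMPLE):
        print('line %d: %s' % (no, finding))
```

A literal on -PASS is what the page expects inside an encrypted procedure, so a finding of that kind means the file should be encrypted before it is stored where others can read it.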

Encrypting and Decrypting a FOCEXEC

You can keep the actual text of a stored FOCEXEC confidential while still allowing users to execute it. You do this either because there is confidential information stored in the FOCEXEC or because you do not want the FOCEXEC changed by unauthorized users. You can protect a stored FOCEXEC from unauthorized users with the ENCRYPT command.

Any user can execute an encrypted FOCEXEC, but you must decrypt the FOCEXEC to view it. Only a user with the encrypting password can decrypt the FOCEXEC.

The password selected by a user to ENCRYPT or DECRYPT a FOCEXEC is not viewable by any editor and it is unrelated to the DBA passwords of the files being used.

Syntax: How to Encrypt and Decrypt a FOCEXEC

Use the following procedure to encrypt the FOCEXEC named SALERPT:

SET PASS = DOHIDE
ENCRYPT FILE SALERPT FOCEXEC

Anyone can execute the FOCEXEC by typing EX SALERPT. The FOCEXEC can only be viewed by decrypting it, as follows:

SET PASS = DOHIDE
DECRYPT FILE SALERPT FOCEXEC

Encrypted FOCEXECs cannot be echoed or have the commands displayed on the terminal, so &ECHO has no effect.

Locking a FOCEXEC User Out of FOCUS

Users can respond to a Dialogue Manager value request with QUIT and return to the FOCUS command level. In situations where it is important to prevent users from entering or returning to FOCUS, the environment can be locked and QUIT can be deactivated by entering the following in a FOCEXEC:

-SET &QUIT=OFF;

With QUIT deactivated, any attempt to leave Dialogue Manager produces an error message. Following the error message, the user is reprompted for the needed value.

A user may still terminate the session from inside a locked environment by responding to a prompt with:

QUIT FOCUS

This returns the user to the operating system, not to the FOCUS command level.

The default setting for &QUIT is ON.