Hiding a Variable from the Log with Underscores ... Almost Works
At the recent JMP Summit I was asking developers about how I could hide a variable that contained credentials to a database. My current solution is 80% of the way there. I set the credentials in a variable in an encrypted script, then I Include() that script and use the variable in a script that connects to the database. Anyone who opens the main script can see the credentials by going to the log file and looking up the variable. The JSL developers were in demand at the Summit and other people I talked to weren't sure how to hide a variable.
Then I saw this: Encryption and Global Variables (jmp.com)
If you just put two underscores before a variable it will hide them ... almost. If you try Show ( __myVar), Print ( __myVar), or Write ( __myVar), the result will be blank. Great! But then I found if you just type __myVar directly into the log, the log defines it for you. That's actually one of the easiest ways to show the variable...
Seems like an unintended loophole. The double underscore stops all those script methods and if you hover over the variable name in the script it won't show the contents. But there's this real obvious way to show the contents just by entering the variable directly.
I have good reasons for not wanting to encrypt the main script, only the connection string. Not sure if this is a Wishlist item or if I am missing something.
Accepted Solutions
Re: Hiding a Variable from the Log with Underscores ... Almost Works
If you look at my "JMP and Oracle ..." talk mentioned above this is what I do:
- Create an encrypted function that returns the database connection.
Here's the tail end of the function:
my_dbc = create database connection(dsn_string);
// Return the connection to Oracle
my_dbc;
Re: Hiding a Variable from the Log with Underscores ... Almost Works
Actually, it gets me 100% of the way there. It occurred to me that the Include would only show the last thing it did in the log. I added a Print("This is the last thing") and now I can't see the function definition.
Thanks!
Re: Hiding a Variable from the Log with Underscores ... Almost Works
I think you have to either:
- create encrypted function to perform the query which contains the connection string inside the function (never return those)
- create encrypted function which opens the database connection (cannot use New SQL Query() if you use this which is the preferred method in JMP to perform data queries)
- Use something like Windows credential manager
JMP scripts embed DSN parameters; why??
How to handle user password information in JSL ( ODBC connection strings )
Re: Hiding a Variable from the Log with Underscores ... Almost Works
Thank you! I think this gets me 99% of the way there. It solves the variable problem nicely. The 1% is that I can see the credentials when the Include() command is run. Anyone looking at the script can see something like Include(db_credentials), run that line, and look in the log file.
For me it looks like this:
Include("DSN encrypted function.jsl");
//Log file shows:
//:*/
Include("DSN encrypted function.jsl");
/*:
Function( {},
{Default Local},
dsn_string = "DSN=myDSN;UID=" || "uname" || ";PWD=" || "pwd" || ";";
my_dbc = Create Database Connection( dsn_string );
my_dbc;
)
It also doesn't address the part of my question about the two underscore technique. Why have it if it only partially obscures variables? Is it for security or some other purpose?
Re: Hiding a Variable from the Log with Underscores ... Almost Works
Apparently, you can also see all the "hidden" variables in the debugger.
Re: Hiding a Variable from the Log with Underscores ... Almost Works
I've been redefining sensitive variables as Empty() after I use them so, even if someone gets the variable names, they won't contain any information.
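The suggestions made in this thread combined into one pattern (an encrypted function that returns the connection, a trailing Print() so that Include() does not echo the function definition, and clearing values with Empty()), as an added example that is not code from any poster. The file name db_connect.jsl, the function name get_dbc, the query and the output table name are hypothetical; the DSN string reuses the placeholder values shown in the thread.

```jsl
// ---- File 1: db_connect.jsl (hypothetical name); encrypt this file ----
// Placeholder DSN, user name and password, as in the thread.
get_dbc = Function( {},
	{Default Local},
	dsn_string = "DSN=myDSN;UID=" || "uname" || ";PWD=" || "pwd" || ";";
	dbc = Create Database Connection( dsn_string );
	// dsn_string is already local to the function; clear it anyway so the
	// credentials do not outlive the connect call (the Empty() suggestion).
	dsn_string = Empty();
	// Return only the connection handle, never the string.
	dbc;
);
// Keep this as the last statement so that, per the thread, Include()
// echoes this text to the log instead of the function definition.
Print( "Database helper loaded" );

// ---- File 2: main script, left unencrypted ----
Include( "db_connect.jsl" );
dbc = get_dbc();
// Hypothetical query and output table name.
dt = Execute SQL( dbc, "SELECT * FROM my_table", "Query result" );
Close Database Connection( dbc );
// Drop the handle once the query has run.
dbc = Empty();
```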
Re: Hiding a Variable from the Log with Underscores ... Almost Works
Names default to here(1);
__Hello=1;
Show(__Hello);
Show(Char(__Hello));
new namespace("__Test");
__Test:Hello=1;
Show(__Test);
Show namespaces();