cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Try the Materials Informatics Toolkit, which is designed to easily handle SMILES data. This and other helpful add-ins are available in the JMP® Marketplace
Choose Language Hide Translation Bar
jay_holavarri
Level III

Hiding a Variable from the Log with Underscores ... Almost Works

At the recent JMP Summit I was asking developers about how I could hide a variable that contained credentials to a database. My current solution is 80% of the way there. I set the credentials in a variable in an encrypted script, then I Include() that script and use the variable in a script that connects to the database. Anyone who opens the main script can see the credentials by going to the log file and looking up the variable. The JSL developers were in demand at the Summit and other people I talked to weren't sure how to hide a variable.

 

Then I saw this: Encryption and Global Variables (jmp.com)

If you just put two underscores before a variable it will hide them ... almost. If you try Show ( __myVar), Print ( __myVar), or Write ( __myVar), the result will be blank. Great! But then I found if you just type __myVar directly into the log, the log defines it for you. That's actually one of the easiest ways to show the variable...

 

Seems like an un-intended loophole. The double underscore stops all those script methods and if you hover over the variable name in the script it won't show the contents. But there's this real obvious way to show the contents just by entering the variable directly.

 

I have good reasons for not wanting to encrypt the main script, only the connection string. Not sure if this is a Wishlist item or if I am missing something.

2 ACCEPTED SOLUTIONS

Accepted Solutions
pmroz
Super User

Re: Hiding a Variable from the Log with Underscores ... Almost Works

If you look at my "JMP and Oracle ..." talk mentioned above this is what I do:

  • Create an encrypted function that returns the database connection.

Here's the tail end of the function:

	my_dbc = create database connection(dsn_string);
// Return the connection to Oracle
	my_dbc;

View solution in original post

jay_holavarri
Level III

Re: Hiding a Variable from the Log with Underscores ... Almost Works

Actually, it gets me 100% of the way there. It occured to me that the Include would only show the last thing it did in the log. I added a Print("This is the last thing") and now I can't see the function definition.

 

Thanks!

View solution in original post

7 REPLIES 7
jthi
Super User

Re: Hiding a Variable from the Log with Underscores ... Almost Works

I think you have to either:

  • create encrypted function to perform the query which contains the connection string inside the function (never return those)
  • create encrypted function which opens the database connection (cannot use New SQL Query() if you use this which is the preferred method in JMP to perform data queries)
  • Use something like Windows credential manager

JMP scripts embed DSN parameters; why?? 

How to handle user password information in JSL ( ODBC connection strings ) 

 

-Jarmo
pmroz
Super User

Re: Hiding a Variable from the Log with Underscores ... Almost Works

If you look at my "JMP and Oracle ..." talk mentioned above this is what I do:

  • Create an encrypted function that returns the database connection.

Here's the tail end of the function:

	my_dbc = create database connection(dsn_string);
// Return the connection to Oracle
	my_dbc;
jay_holavarri
Level III

Re: Hiding a Variable from the Log with Underscores ... Almost Works

Thank you! I think this gets me 99% of the way there. It solves the variable problem nicely. The 1% is that I can see the credentials when the Include() command is run. Anyone looking at the script can see something like Include(db_credentials), run that line, and look in the log file.

 

For me it looks like this:

Include("DSN encrypted function.jsl");


//Log file shows:
//:*/
Include("DSN encrypted function.jsl");
/*:
Function( {},
	{Default Local},
	dsn_string = "DSN=myDSN;UID=" || "uname" || ";PWD=" || "pwd" || ";";
	my_dbc = Create Database Connection( dsn_string );
	my_dbc;
)

It also doesn't address the part of my question about the two underscore technique. Why have it if it only partially obscures variables? Is it for security or some other purpose?

jay_holavarri
Level III

Re: Hiding a Variable from the Log with Underscores ... Almost Works

Actually, it gets me 100% of the way there. It occured to me that the Include would only show the last thing it did in the log. I added a Print("This is the last thing") and now I can't see the function definition.

 

Thanks!

mmarchandTSI
Level V

Re: Hiding a Variable from the Log with Underscores ... Almost Works

Apparently, you can also see all the "hidden" variables in the debugger.

 

mmarchandTSI_0-1698788032762.png

 

mmarchandTSI
Level V

Re: Hiding a Variable from the Log with Underscores ... Almost Works

I've been redefining sensitive variables as Empty() after I use them so, even if someone gets the variable names, they won't contain any information.

hogi
Level XII

Re: Hiding a Variable from the Log with Underscores ... Almost Works

Names default to here(1);
__Hello=1;
Show(__Hello);
Show(Char(__Hello));



new namespace("__Test");
__Test:Hello=1;
Show(__Test);
Show namespaces();