Password info encrypted/clear from Log

chulett · Post by **chulett** » Thu Sep 04, 2008 1:40 pm

I don't have a Windows server so don't have ExecDOS. Post the routine code, wrapped in

 tags and we'll see what we can do.

nivas · Post by **nivas** » Thu Sep 04, 2008 2:32 pm

chulett wrote:I don't have a Windows server so don't have ExecDOS. Post the routine code, wrapped in

Code: Select all

 tags and we'll see what we can do. ...[/quote]


jobName="runSSISPackageBOALoad"

*Run SSIS Package  
DosCommand="C:\psexec\psexec -U hcf":UserID:" -p ":Password:" \\HCF15 -i dtexec /SQL \ZeroCouponLoad\BOALoad /SERVER HCF15 /CHECKPOINTING OFF  /REPORTING EW"
call DSU.ExecDOS(DosCommand,ErrCode);    
if ErrCode <> 0 
Then Call DSLogFatal("DOS script failed.", jobName)

chulett · Post by **chulett** » Thu Sep 04, 2008 3:09 pm

Sorry, I meant the source code for the ExecDOS routine, not your wrapper code. Odd that it has a DSU prefix, that means it is a User written routine so someone told it to log the command line.

You could also switch to using DSExecute() directly, that doesn't log anything like the ExecXX wrapper does. The only difference between ExecXX and ExecXXSilent (UNIX or DOS) is what each chooses to log after calling DSExecute.

ray.wurlod · Post by **ray.wurlod** » Thu Sep 04, 2008 3:29 pm

Use an after job subroutine to replace the password in the log. Most error handling has been omitted from the example below for clarity.

Code: Select all

SUBROUTINE HideLogPassword(InputArg,ErrorCode)
$IFNDEF JOBCONTROL.H
$INCLUDE DSINCLUDE JOBCONTROL.H
$ENDIF

* Get job information
JobName = Field(DSGetJobInfo(DSJ.ME, DSJ.JOBNAME), ".", 1,1)
JobNumber = Trans("DS_JOBS", JobName, 5, "X")
JobStart = DSGetJobInfo(DSJ.ME, DSJ.JOBSTARTTIMESTAMP)

* Open the job log
LogFileName = "RT_LOG" : JobNumber
Open LogFileName To hLogFile
Then

   * Generate Select List of log entries for current run
   Perform "SELECT " : LogFileName : " WITH TIMESTAMP > " : SQuote(JobStart) : " TO 9"

   Loop
   While ReadNext EventNo From 9

      * Read the logfile entry text, locking for update.
      ReadVU LogEntry From hLogFile, EventNo, 10
      Then

         * Determine whether "psexec" occurs in entry.
         If Index(LogEntry, "psexec", 1)
         Then

            * Extract the password from that entry.
            Password = Field(LogEntry, "-p", 2 1)
            Password = Left(Password, Index(Password, "\\", 1) - 1)
            Password = Trim(Password)

            * Replace the found password with asterisks.
            LogEntry = Ereplace(LogEntry, Password, "********", 1, 1)

            * Replace that line into the log.
            WriteV LogEntry To hLogFile, EventNo, 10)
            Else
               Release hLogFile, EventNo
            End

         End

      End
      Else
         Release hLogFile, EventNo
      End

   Repeat

Close hLogFile

End

RETURN

chulett · Post by **chulett** » Thu Sep 04, 2008 3:35 pm

Yikes. Interesting idea, but why not just not write it there in the first place?

ray.wurlod · Post by **ray.wurlod** » Thu Sep 04, 2008 3:39 pm

Because DataStage writes it there if it's an ExecXXX subroutine.

Of couse, if writing from job control, one can determine exactly what to include in your DSLogInfo() and DSLogWarn() calls.

umamahes · Post by **umamahes** » Thu Sep 04, 2008 4:11 pm

I am deleting my post from here

chulett · Post by **chulett** » Thu Sep 04, 2008 4:22 pm

Now, hold on a darn minute. This isn't your thread so let's not steer the boat off course quite yet. You need to start a new thread if you want to talk about your problems.

chulett · Post by **chulett** » Thu Sep 04, 2008 4:24 pm

ray.wurlod wrote:Because DataStage writes it there if it's an ExecXXX subroutine.

Which is exactly why I suggested creating a 'Silent' version of the routine that doesn't log that stuffs or since it's all custom code, switch to using DSExecute directly.