ENCRYPT/DECRYPT


These commands are outside the Maintain language, but are described in this chapter for your convenience. You can issue these commands from within a WebFOCUS procedure, not from within a Maintain procedure.

Since the restriction information for a FOCUS data source is stored in its Master File, you might want to encrypt the Master File in order to prevent users from examining the restriction rules. Only the database administrator can encrypt a Master File. You must set PASS=DBA name before you issue the ENCRYPT command.

The following is an example of the complete procedure:

SET PASS=JONES76
ENCRYPT FILE PERS

The process can be reversed if you wish to change the restrictions. The command to restore the Master File to a readable form is DECRYPT.

The DBA password must be issued with the SET command before the Master File can be decrypted.

For example:

SET PASS=JONES76
DECRYPT FILE PERS

Encrypting Procedures

Once PASS is set, it is also possible to encrypt procedures by using the same ENCRYPT syntax. If no file extension is specified, the ENCRYPT command assumes an extension of .MAS, so be sure to include the extension when encrypting procedures. Also, remember to include the whole name of the file being encrypted, with no wildcards.

When encrypting any file, it is very important to enter its whole name after the ENCRYPT command. The use of wildcards could damage all the files that fit the file specification with the wildcards, and is therefore very dangerous.


Encrypting Data

You can also use the ENCRYPT command within the Master File to encrypt some or all of the data.

Encryption takes place on the segment level (that is, the entire segment is encrypted). The request for encryption is made in the Master File by setting the attribute ENCRYPT to ON. For instance:

SEGMENT=COMPSEG, PARENT=IDSEG, SEGTYPE=S1, ENCRYPT=ON,$

You must specify the ENCRYPT attribute when the file is new, before it contains any data. Encryption cannot be requested later by a change to the Master File and cannot be removed once it has been requested and any data has been entered in the file.

Note: Encryption is used only with FOCUS data sources.


Performance Considerations

There is a small loss in processing efficiency when data is encrypted. You can minimize this loss by grouping the sensitive data fields and making them a separate segment with SEGTYPE=U beneath their original segment.

For example, suppose the data items on a segment are:

diagram example

They should be grouped as:

grouped example


Restricting Existing Data Sources

When you write a Master File for a new data source and include security limitations, data added to the data source is automatically protected according to those rules. If you write a new Master File for an existing data source that contains no data, data subsequently added to it will also be automatically protected. If, however, you have existing FOCUS data sources to which you want to add security limitations, you need to use the RESTRICT command.

Note: This is not the RESTRICT attribute.

The syntax is

RESTRICT C:filename.FOC
END

where:

filename

Is the name of the data file that you want to protect.

Remember to specify the disk drive letter in this command. If you omit it, you will receive an error message. Also remember to include the file extension. Without it, the RESTRICT command will not be able to find the file.

RESTRICT is actually the next to last of a series of steps that are necessary when changing or adding a password to your data. The following outlines the steps:

  1. Edit the Master File, changing the DBA attribute to equal the new password.
  2. Issue the command SET PASS= the new password.
  3. Issue the CHECK FILE command to load your edited Master File into memory.
  4. The FOCUS data file still has the old password stored in it, so issue SET PASS= the old password so that you have the right to use the RESTRICT command on the data file. (If you are adding a password to a file that has none, this step is unnecessary.)
  5. Issue the RESTRICT command with the FOCUS data file as the parameter.
  6. Issue SET PASS= the new password again.

The file now has the new password assigned to it.

Note: Before you begin this procedure, make sure to back up your data file.
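
The rules stated above (SET PASS before ENCRYPT or DECRYPT, whole file names with no wildcards, the .MAS default when no extension is given, and the drive letter and extension that RESTRICT requires) can be checked before a procedure is run. The following Python check is an added example, not part of the original documentation or of WebFOCUS; the sample procedure is constructed, and the file names other than PERS, the ENCRYPT FILE name.ext form for procedures, and the choice of * and ? as wildcard characters are assumptions.

```python
import re

# Constructed sample procedure, not from the page; SALESRPT and SALES* are hypothetical names.
SAMPLE = """\
ENCRYPT FILE PERS
SET PASS=JONES76
ENCRYPT FILE PERS
ENCRYPT FILE SALES*.FEX
ENCRYPT FILE SALESRPT.FEX
RESTRICT PERS.FOC
RESTRICT C:PERS.FOC
END
"""

CRYPT = re.compile(r"^(ENCRYPT|DECRYPT)\s+FILE\s+(\S+)", re.I)
RESTRICT = re.compile(r"^RESTRICT\s+(\S+)", re.I)
SETPASS = re.compile(r"^SET\s+PASS\s*=\s*\S+", re.I)

def lint(text):
    """Return (line_no, severity, message) findings for a procedure's text."""
    findings, pass_set = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if SETPASS.match(line):
            pass_set = True
            continue
        m = CRYPT.match(line)
        if m:
            verb, name = m.group(1).upper(), m.group(2)
            if not pass_set:
                findings.append((no, "error", f"{verb} before SET PASS"))
            # Assumption: * and ? are the wildcard characters to reject.
            if re.search(r"[*?]", name):
                findings.append((no, "error", f"wildcard in {name!r}"))
            elif "." not in name:
                findings.append((no, "info", f"{name}: no extension, .MAS assumed"))
            continue
        m = RESTRICT.match(line)
        if m:
            target = m.group(1)
            if not re.match(r"^[A-Za-z]:", target):
                findings.append((no, "error", "RESTRICT target lacks drive letter"))
            if "." not in target.split(":")[-1]:
                findings.append((no, "error", "RESTRICT target lacks file extension"))
    return findings

if __name__ == "__main__":
    for no, sev, msg in lint(SAMPLE):
        print(f"line {no}: {sev}: {msg}")
```

The "info" finding is not an error for a Master File; it flags the case where a procedure name was given without its extension and .MAS would be assumed instead.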

