Focal Point
Security on Hold Files

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/5251055822

May 18, 2007, 11:33 AM
Stan
Security on Hold Files
I am needing to find out if there is a way to encrypt the data files created by a HOLD file (The .ftm or .foc files). Then unencrypt the file when it is read by the MFD. I know you can put security on the MFD, but I actually need to encrypt the hold file itself. Am I missing the place in the manual where this is described?

Thanks in advance.
May 18, 2007, 12:41 PM
Alan B
The Describing Data manual, chapter 10, has the information in. Now my understanding is that only .foc files, not .ftm, can be encrypted, plus the mfd and fex files if you want.

So if you want to encrypt some data in 'temporary' files, you may have to play around a little.

For example if you want to have:
TABLE FILE CAR
SUM SALES
BY COUNTRY
BY CAR
ON TABLE HOLD
END

held as encrytped data, then you may have to do something like:
APP HOLD BASEAPP
SET XRETRIEVAL=OFF
TABLE FILE CAR
SUM SALES
BY COUNTRY
BY CAR
ON TABLE HOLD AS MYFILE FORMAT FOCUS
END

then edit the mfd, putting ENCRYPT=ON into the segment declaration (XRETRIEVAL=OFF creates the file with no data). Then run:
APP HOLD BASEAPP
TABLE FILE CAR
SUM SALES
BY COUNTRY
BY CAR
ON TABLE HOLD
END
CREATE FILE MYFILE
MODIFY FILE MYFILE
FIXFORM FROM HOLD
DATA ON HOLD
END

which will give encrypted data in the .foc file.

Is this the type of thing that may help?


Alan.
WF 7.705/8.007
May 18, 2007, 12:54 PM
Darin Lee
I know the encryption algorithm for WF is entirely proprietary and I don't know exactly how strong it is. If you're very concerned with security on the file, you may want to check that out before calling yourself "safe."


Regards,

Darin


In FOCUS since 1991
WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex
Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex
WF Client: 77 on Linux w/Tomcat
May 18, 2007, 01:38 PM
Alan B
I'm not sure how strong it is either Darin, which is a good point if you are dealing with sensitive data.

There is nothing better for security than ensuring that your server is set up in a secure manner to start off with, so that these files couldn't be seen by unauthorised people. Which is a whole subject in it's own right.

Should again plug the WebFOCUS Security and Administration manual, if I've had to read it, so should everyone else Wink


Alan.
WF 7.705/8.007
May 18, 2007, 02:58 PM
Stan
I think this is the right track, but for some reason my hold .foc file is still pretty readable beyond say the first few fields. Perhaps I'm doing the ENCRYPT=ON statement improperly? I'll check again as it may be that the segment number is throwing it off...Either way, you have me on the right track and thank you. Oh how I long for the days where security was basically that the guys who knew how to turn the computer on were allowed to see it and the ones who didn't know how couldn't!
May 19, 2007, 03:57 AM
Alan B
Stan

Make sure that the .foc file is CREATEd with ENCRYPT=ON in the segment declaration. An existing .foc file cannot be encrypted, it has to be from new.


Alan.
WF 7.705/8.007