How to store sensitive information in COBOL?

I currently store critical credentials in a text file, which I load in my COBOL program this way:

  ***********************
   LOAD-CREDENTIALS.
  ***********************
     READ PASSFILE

     DISPLAY 'USER: ' WE-USER
     DISPLAY 'PASS: ' WE-PASS.

Of course, the real program doesn't display the credentials; this is just an example. It still is not a good practice.

Therefore, what is the most secure way to enhance security when storing passwords in an IBM mainframe using COBOL?

The short answer to your question "what is the most secure way to enhance security when storing passwords in an IBM mainframe using COBOL?" is: you don't store passwords in an IBM mainframe using COBOL (or any other language).

Security on an IBM mainframe is accomplished via an External Security Manager (ESM) such as CA-ACF2, IBM RACF, or CA-Top Secret. The ESM controls access to resources such as datasets, transactions, and subsystems, e.g. CICS, DB2, IMS, and TSO.

If you are trying to secure a resource on an IBM mainframe by rolling your own security system, stop and talk to the ESM administrators at your site to determine the best way for them to secure the resource for you.

Some examples...

  • Credentials for SFTP might be kept in a PDS(E), access to which is controlled by the ESM such that only authorized users can access it, and the SFTP parameters are set by policy to retrieve the credentials automatically.

  • Credentials to access a REST web service from a CICS application might be provided as part of a URIMAP definition in the form of a certificate controlled by the ESM administrators.
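
As an added illustration of the first example above (not part of the original answer), this is roughly what an ESM administrator would set up if the ESM is RACF: a dataset profile for the credentials PDS(E) with no default access, one permitted ID, and auditing of every read. The dataset name PROD.SFTP.CREDS, the owning group SECADMIN and the batch ID SFTPBAT are hypothetical; ACF2 and Top Secret use different command syntax.

```tso
/* Constructed example: PROD.SFTP.CREDS, SECADMIN and SFTPBAT   */
/* are hypothetical names, not taken from the original post.    */

/* Weak setting, shown for contrast and left commented out:     */
/* every user not on the access list would get READ.            */
/* ADDSD 'PROD.SFTP.CREDS' GENERIC UACC(READ)                   */

/* Hardened: no default access, owned by the security group,    */
/* and every successful or failed access at READ or above is    */
/* logged.                                                      */
ADDSD 'PROD.SFTP.CREDS' GENERIC UACC(NONE) OWNER(SECADMIN) AUDIT(ALL(READ))

/* Grant READ only to the ID that runs the transfer.            */
PERMIT 'PROD.SFTP.CREDS' GENERIC ID(SFTPBAT) ACCESS(READ)

/* Refresh the in-storage generic profiles so the change takes  */
/* effect.                                                      */
SETROPTS GENERIC(DATASET) REFRESH

/* Verify: the access list should contain SFTPBAT and nothing   */
/* broader.                                                     */
LISTDSD DATASET('PROD.SFTP.CREDS') GENERIC AUTHUSER
```

With auditing enabled on the profile, reads of the credentials dataset appear in the RACF audit trail (SMF type 80 records), which gives the security team a record to review or alert on.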

Notice: The technical posts on this site are published under the CC BY-SA 4.0 license. If you republish them, please cite this site's URL or the original address.