Test data is often overlooked, by those using it as well as those that are charged to protect it. Often test databases are compiled from production data. The production database contains corporate specific if not sensitive data, such as employee informa-tion, payroll data, sales forecasts, customer information, etc. This data must be sanitized by whatever means possible before it can be used.
RISK If sensitive data is extracted from production databases and moved or used as test data, the security of the sensitive data is compromised.
Once data has been moved out of production, security controls
are often not as restrictive. Often it is moved to a less
AP-ADVICE-TESTDATA-01 Test data should be generated from generic data or sanitized to eliminate security issues regarding sensitive data.
Some of the
An alternate name for accessing a file
To organize the standard working set of 'pointers' to system resources
A list of
subvolumesto search for a file name
A way to set up attributes for processing
A means of passing attributes to the utility subsystem
The operating system (file system or I/O process) usually processes DEFINEs, while application programs or run-time libraries process ASSIGNs.
DEFINEs are added, deleted and
TACL MACRO files or OBEY files
Pathway server Configurations
An ATTACHMENT-SET within NETBATCH
The TACLLOCL and TACLCSTM files
A process 'inherits' the working set of DEFINEs upon startup.
RISK DEFINEs can be 'disabled' by issuing the SET DEFMODE OFF command within TACL or programmatically.
DEFINEs are named sets of attributes and associated values. They specify information that is
A DEFINE has the following
NAME A unique descriptive name starting with '=' and up to 23
CLASS A designation of usage class
ATTRIBUTE A defined attribute of the class
VALUE The value associated with the attribute; filename, tape name, etc.
There are eight classes (types) of DEFINEs.
Used to specify the name of an SQL Catalog
Used to specify a substitute file name
Used to specify a list of subvolumes for resolving file
Used to specify the attributes of a spooler job
Used to specify the attributes of a file on a labeled tape
Used with the tape cataloging facilities of the DSM/TC product
Example 1: SQL CATALOG
Define Name =MY_CATALOG CLASS CATALOG SUBVOL \SYSA.$DISK11.MYCATS
Example 2: CLASS MAP
Define Name =MY_CODE_FILE CLASS MAP FILE \SYSA.$TEST21.TESTAPP.CODES
Example 3: DEFAULTS
Define Name =_DEFAULTS CLASS DEFAULTS VOLUME $DISK21.MYHOMEV
RISK Using DEFINEs can cause erroneous results if the logical DEFINE is changed then referenced. For instance, assume that the DEFINE =MY_CODE_FILE is pointing to a test file. If a TACL command such as FUP PURGEDATA =MY_CODE_FILE is performed, it will purgedata the file \SYSA.$DISK21.MASTER.CODES. If the DEFINE is changed to point to a different file, such as \SYSA.$PROD.PRODAPP.CODES the same command could erroneously purge the data from the production application file (
RISK Using DEFINEs can mask the ultimate file, process, device, etc. that will be affected from the
user, which can be desirable and undesirable at the same time.
RISK Ending a TACL session or logging off of TACL deletes any existing DEFINEs. They must be re-added for each new TACL in order to be in effect for new processes.
This is a system DEFINE that specifies the current default node, volume, subvolume and catalog for expanding partially qualified Guardian names throughout the system and subsystems. The _DEFAULTS DEFINE is set with the DEFAULT program.
The ASSIGN command within TACL is used to associate the names of a physical file to a logical file name used in a program, and
While the operating system (file system or I/O process) usually processes DEFINEs, application programs or run-time libraries process ASSIGNs. The process or run-time library processes the incoming ASSIGNs and uses the information within the code.
Example 1 shows an ASSIGN for an existing file.
ASSIGN MASTERFILE, $DATA1.CUSTMR.MSTFILE
Example 2 shows an ASSIGN with Create File Characteristics
ASSIGN OUTFILE, $DATA2.CUSTMR.NEWMST, EXT 32, CODE 123
ASSIGNs are added using TACL or a TACL Macro. TACL stores the assigned values and sends those values to requesting processes in the form of ASSIGN messages. TACL does not interpret the assigned values ”that task must be performed by the application program.
RISK ASSIGNs have similar risks to DEFINEs, in that changing the ASSIGN attribute can change the filename or specification that the program using the ASSIGN acts upon.
RISK Ending a TACL session or logging off of TACL deletes any existing assignments. They must be re-added upon logging on again in order to be in effect when starting new processes.
A PARAM is used to pass any information that the receiving process is expecting. PARAM allows passing parameter names and values to a process.
Example 1 shows a PARAM DEVICE_TYPE.
SET PARAM DEVICE_TYPE 2
The receiving process would be expected to use the PARAM to perform an action based upon the DEVICE_TYPE entered.
PARAMs are added from TACL or a TACL Macro. TACL stores the values of parameters assigned by the PARAM command and sends these values to processes that request parameter values in the form of a PARAM message. TACL does not interpret the assigned values ”that task must be performed by the receiving program.
RISK PARAMs can be any type of information including filenames, process names, user names and passwords.
RISK PARAMs have similar risks to DEFINEs, in that changing the PARAM can change the task the receiving program
RISK Ending a TACL session or logging off of TACL, or executing the CLEAR PARAM command deletes or clears PARAMs. They must be re-added upon logging on again in order to be in effect when starting new processes.