ENABLE User Program
ENABLE User Program
ENABLE can be used to develop a simple application to perform basic data I/O operations, without coding source programs. It allows the user to:
Control the format of the screen displayed by the application
Limit the types of operations (delete, insert, read, or update) that the application can perform on a data base file
Provide an application to view and update databases
The components of ENABLE are:
ENABLE
ENABAPPS
ENABLEGS
ENABLOBJ
ENABPATS
The tasks performed by an ENABLE application, like a Pathway, are divided between requestors and servers.
A requestor displays the data entry screen, accepts the data entered from the terminal, and passes the data to programs that update the database.
A server adds, alters, and retrieves information from the data base.
ENABLE generates a SCREEN COBOL requestor program to manage the display screens and accept requests . ENABLE supplies a server program that accesses the database and performs the requested operations. ENABLE also produces a third component, a command file used to execute the application under a PATHWAY system.
ENABLE is most often used as a developer's tool for testing and modeling application databases. Securing the compiler object file controls the use of the language.
| Caution | Access to the C language components is required for compilation. |
RISK ENABLE allows anyone with read access to data files and their corresponding dictionary to create an application against the data, with the potential of exposing sensitive information such as account numbers and social security numbers .
RISK ENABLE also provides a vehicle to update sensitive data in Enscribe databases, to which a user has WRITE access.
Secure databases from unauthorized queries by granting READ access to only those users who need to view secure data to perform their jobs. There is no way to audit or limit the contents of the ENABLE application. ENABLE should not be available on a secure system.
RISK On development systems, ENABLE can be made available for use by developers by securing it "NUNU". ENABLE will only allow access to data dictionaries to which the individual developer has access.
Securing ENABLE Components
BP-FILE-ENABLE-01 ENABLE should be secured "UUNU".
BP-OPSYS-OWNER-02 ENABLE should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABLE must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-02 ENABAPPS should be secured "NUNU".
BP-OPSYS-OWNER-02 ENABAPPS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABAPPS must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-03 ENABLEGS should be secured "UUNU".
BP-OPSYS-OWNER-02 ENABLEGS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABLEGS must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-04 ENABLOBJ should be secured "UUNU".
BP-OPSYS-OWNER-02 ENABLOBJ should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABLOBJ must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-05 ENABPATS should be secured "NUNU".
BP-OPSYS-OWNER-02 ENABPATS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABPATS must reside in $SYSTEM.SYSTEM.
If available, use Safeguard or a third party object security product to grant access to ENABLE object files only to users who require access in order to perform their jobs.
BP-SAFE-ENABLE-01 Add a Safeguard Protection Record to grant appropriate access to the ENABLE object file.
| Discovery Questions | Look here: | |
|---|---|---|
| OPSYS-OWNER-02 | Who owns the ENABLE object file? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the ENABAPPS file? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the ENABLEGS file? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the ENALOBJ object file? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the ENABPATS file? | Fileinfo |
| FILE-POLICY | Who is allowed to use the ENABLE compiler on the system? | Policy |
| FILE-ENABLE-01 | Is the ENABLE object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
| FILE-ENABLE-02 | Is the ENABAPPS file secured correctly? | Fileinfo |
| FILE-ENABLE-03 | Is the ENABLEGS object file secured correctly? | Fileinfo |
| FILE-ENABLE-04 | Is the ENABLOBJ object file secured correctly? | Fileinfo |
| FILE-ENABLE-05 | Is the ENABPATS file secured correctly? | Fileinfo |
