× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. February 2018

Re: Implementing masking either via RCAC or encryption fieldproc

Buck,

For simplicity, consider 2 users...
UserA - can view true value
UserB - first 6 chars/nums of value is masked.

Consider a pgm that does the following... (for a masked user)...
1.) a loanholder ss# is retrieved via chain i/o for one reason or another
2.) it is returned, of course masked (999999234)
3.) then suppose that same pgm needs to chain to another file with the
returned masked value (say for instance a transactional file keyed by ss#
(non-encrypted))...
4.) finally the masked return value needs to be displayed on a
screen/report in its masked form

You see the problem... the masked value will simply not chain correctly to
the transactional file keyed by ss#...

One idea is to create a "runtime user job file" that our fieldproc
encryption pgm uses...

so in the application prior to 1 above, the application is modified inside
its say initialize (*inzr) routine to ask...

- is current user designated to be masked?
- if not, continue as normal
- if so...
- input a usr/job record into the "runtime file" that says turn masking
OFF.
- when the first chain i/o invokes, the fieldproc looks up the runtime
table entry for user/job and determines if masking is ON/OFF
- then 1,2,3 execute above, returning the non-masked value
- just before 4 executes, the runtime file by user/job is changed from
masking OFF to ON
- number 4 executes and the ss# is returned as masked and displayed as
needed.


Hopefully this illustrates the implications we are concerned about... not
sure if the proposed solution is the greatest idea, but at the moment
cannot think of anything better...

thoughts?

Jay Vaughn

On Mon, Feb 19, 2018 at 11:23 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:

On 19 February 2018 at 10:23, Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:
this is conditional masking on system initiated tasks... I'm looking at
strategies to handle masking based on user profile.

Can you describe the business scenario you're working with?
Masking an ID number based on Need To Know (CSR cannot see it at all,
supervisor can see last 4 digits, department head can see all of it)?
Prohibiting update access except for specific persons?

Some of us have puttered around and (for example) ruled RCAC out
because it wasn't a good fit into our business processes. The
question about updating a masked value is one of those business
processes - if (for example) a CSR can't /see/ the credit card number,
how can she be allowed to /update/ it? By and large, we changed
program logic to handle this sort of thing something like a decade
ago, and neither RCAC nor FIELDPROC have been seen as a better fit for
us. I need to stress that this is not a failing of FIELDPROC or RCAC,
but rather not the right size bolts for the holes we already have
drilled.
--buck
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.