I have the following code to connect to an external DB inside a COBOL program:
MOVE 'I2SFG04' TO WK-USER
MOVE '12345' TO WK-PASS
EXEC SQL
CONNECT TO :WK-EXT-MACHINE
USER :WK-USER
USING :WK-PASS
END-EXEC.
But as you can guess, I don't want to hardcode the user and pass within the COBOL program. So is there a secure way to store them so anyone who has access to view the COBOL program can't see the credentials?
My first approach was to create a file (RACF protected) with the SYSIN content, so the COBOL program can load it up, but it won't be displayed in the source code. Something like this:
//STEP001 EXEC PGM=IKJEFT01
//STEPLIB DD DSN=I2SJR04.SYS.DBRMLIB,DISP=SHR
//SYSIN DD DSN=EF35.PRIVATE.DB.LOGIN,DISP=SHR
//SYSOUT DD SYSOUT=*
//SYSTSIN DD *
DSN SYSTEM(SSID)
RUN PROGRAM(MYCOBB) PLAN(PLANNAME) -
LIB('I2SJR04.SYS.LOADLIB')
END
/*
Content of EF35.PRIVATE.DB.LOGIN file:
I2SFG04
12345
Is there a better way to handle this kind of situations?
If its an IBM zOS mainframe you do not need to supply any credentials.
Your connect will use the user-id of the running job.
You just need to tell your DBA what the JCL user id the job will run under -- he will then grant access to the plan you are using.