Using VEOPEN with PowerHouse on the HP-3000

Walter Murray wmurray@midtown.net
Wed, 17 Mar 2004 19:06:26 -0800 

2004-03-17

Greetings,

I hope all you experts will be tolerant of this PowerHouse novice.  I'm
an old hand at the HP-3000 and MPE, but new to the wonderful world of
Cognos software.

Can anyone share any experiences, tips, or pitfalls with using the
VEOPEN procedure (part of SECURITY/3000 from VESOFT, Inc.), with
PowerHouse applications?

I am in the midst of a project to eliminate IMAGE passwords that appear
in plain text in places like source code, job streams, schemas, etc.
The goals are (1) to minimize the risk that someone looking through
files or listings will discover a password he shouldn't know; and (2) to
make it easy to change a password without having to hunt down and change
every file that might contain that password.

I am using VEOPEN to accomplish this, and I have just about everything
worked out except what I need to do with PowerHouse.

As I understand it (and please set me straight if I don't have this
right), PowerHouse needs to know only one password for each IMAGE
database, and that has to be a password that permits read and write
access to all data sets and items.  That password appears in plain text
in the source schema, but apparently is encrypted in the compiled
schema.  (I deduce this because I dumped a small compiled schema and
didn't see any passwords.)  

My plan is to remove the passwords from the PowerHouse schemas and
recompile them.  According to the documentation, that will cause
PowerHouse to use a semicolon password when calling DBOPEN, which
normally wouldn't work, except for the creator of the database.

The trick, then, is to make sure that calls to DBOPEN from PowerHouse
are intercepted by an XL that VESOFT provides, named
VEOPENNL.PUB.VESOFT.  The VESOFT version of DBOPEN calls VEOPEN, when
consults an Access Control File created by the Data Base Administrator.
If the user is authenticated, VEOPEN then gets the database password
from the root file and passes it along in its call to the real version
of DBOPEN.

What I need to do, then, is provide for PowerHouse programs to be bound
to VEOPENNL.PUB.VESOFT when they are loaded.

It looks as though all PowerHouse applications are invoked using a
variety of UDCs, all of which seem to funnel through a single UDC, named
PHRUNPROG, which contains a single RUN command, which potentially
contains a number of libraries in its XL list.  I propose simply to add
VEOPENNL.PUB.VESOFT to the end of that list.

Is it that simple?  Will that work?  I spoke with support folks at both
VESOFT and Cognos this morning, but neither really knew anything about
the other.  To his benefit, the Cognos support analyst invited me to
share what I found out, to be added to their knowledge base.

Thanks for any help you can provide.  I apologize if this message is a
great deal longer than it needs to be.

Walter, a stranger in PowerHouse paradise

Walter J. Murray