Using VEOPEN with PowerHouse on the HP-3000

Vissers, Wilbert wilbert.vissers@hp.com
Fri, 19 Mar 2004 10:15:32 +1300


Hi there Walter, this may help with part of the requirement:

We've found that the PASSEXEMPT parameter of the JOBSECURITY command in MPE is a good way of getting rid of passwords embedded in many types of jobstreams and code.  PASSEXEMPT=USER allows someone to stream their own jobs without being re-prompted for passwords, and so means their passwords no longer need to be embedded.  PASSEXEMPT=XACCESS allows someone to give execute access to their jobs to selected others, say everyone in a group.  For example JO.BLOGGS can allow her workgroup to stream her jobs without needing to know her passwords.  With these two options security stays intact and embedded passwords can be removed because the ability is only given when the owner has already signed on.

We also use a utility called STREAMJ which allows generic jobstreams to be set up with logons of *USER.*ACCOUNT.  This plus JOBSECURITY covers all our required jobs.  STREAMJ inserts the logon user and account at stream time and streams the job without prompting for passwords. We use this a lot for things such as reports initiated from screens, so that the logon user's defaults are applied.  It's very nice but not 100% because it needs two-way encrypted passwords to be stored in the database to allow STREAMJ to de-crypt them.  Any laxity in source code lockup will let a hacker get to the de-cryption key.  Years ago STREAMJ was available in the contributed library as far as we know.  We can provide if you need, might be a price attached nowadays, not sure, can't be much beyond T&M.

Maybe signon access using the above is enough, depends on how far the requirement is asking you to go.

Yes beyond that, you're into avoiding undesirable access to the database, along the path that you're going with VEOPEN and source code security.  

Hope this contributes.
Wilbert