As the first step in the decommissioning of sasCommunity.org the site has been converted to read-only mode.


Here are some tips for How to share your SAS knowledge with your professional network.


Tips:Using the SAS Stored Process Web Application: Securing Your SAS Stored Processes by Limiting Debugging Options

From sasCommunity
Jump to: navigation, search

You can limit the debugging information available to users when they use the SAS Stored Process Web Application. Some of the information that is available by default (e.g., server environment variables and parameters, SAS log, etc.) may contain details that should not be publicly available.

The DebugMask parameter can be set in the web.xml file to specify, as a comma-separated list, the values that are allowed. Typically you will want to disallow the Env, Trace, and perhaps the Log options. You can accomplish this by omitting them from the values specified for the DebugMask parameter. The sample code at the right disallows all values of _DEBUG except "fields" and "time".

<servlet>
 <servlet-name>
   storedprocessservlet
 </servlet-name>
 <servlet-class>
   com.sas.services.storedprocess.webapp.StoredProcessServlet
 </servlet-class>
 . . . Other init-param sections snipped . . .
 <init-param>
  <param-name>DebugMask</param-name>
  <param-value>fields,time</param-value>
 </init-param>
</servlet>
 
Submitted By Don Henderson

....see also

....see also