2

This is the code which IBM official page recommends to handle a VSAM password protected file:

INPUT-OUTPUT SECTION.
FILE-CONTROL.
    SELECT LIBFILE
      ASSIGN TO PAYMAST
      ORGANIZATION IS INDEXED
      RECORD KEY IS EMPL-NUM
         PASSWORD IS BASE-PASS
      ALTERNATE RECORD KEY IS EMPL-PHONE
         PASSWORD IS PATH1-PASS
. . .
WORKING-STORAGE SECTION.
01  BASE-PASS          PIC X(8) VALUE "25BSREAD".
01  PATH1-PASS         PIC X(8) VALUE "25ATREAD".

But as you can see, the password is in plain text. What is the most elegant way to store this kind of credentials in zOS so I can access from a COBOL program?

mllamazares
  • 7,876
  • 17
  • 61
  • 89
  • 1
    As cschneid say's use the **Security Manager**. Typically all security measures are controlled by a single group in ZOS. File based security died a long time ago (1970's ???) on ZOS. Even in the 1980's it was not used where I worked. – Bruce Martin Jun 15 '20 at 23:14
  • A simple obfuscation could be rot13, but, yeah, seriously, use SAF security. Passwords are seriously 1970s. There’s only one reason these days for a password in SYS1.UADS (TSO) and that’s for a 1- or 2-pack rescue IPL volume – zarchasmpgmr Jun 19 '20 at 17:28

1 Answers1

4

Don't do this. Use your External Security Manager (probably ACF2, RACF, or Top Secret) instead. Talk to your shop's security people.

cschneid
  • 10,237
  • 1
  • 28
  • 39