tion, payroll data, sales forecasts, customer information, etc. This data must be
sanitized by whatever means possible before it can be used.
RISK If sensitive data is extracted from production databases and moved or
used as test data, the security of the sensitive data is compromised.
Once data has been moved out of production, security controls are often not as
restrictive. Often it is moved to a less restrictive site and access is given to a wide variety
of developers and QA personnel.
AP-ADVICE-TESTDATA-01 Test data should be generated from generic
data or sanitized to eliminate security issues regarding sensitive data.
DEFINEs, ASSIGNs, PARAMs
Some of the methods of communicating information between processes, applications,
within subsystems, etc. are:
DEFINEs
ASSIGNs
PARAMs
DEFINEs
DEFINEs are file-system elements that provide a means for passing information to a
process as a logical name instead of a physical name. For example, DEFINEs can be
used to pass attributes to a process to provide:
An alternate name for accessing a file
To organize the standard working set of ‘pointers’ to system resources
A list of subvolumes to search for a file name
A way to set up attributes for processing
A means of passing attributes to the utility subsystem
The operating system (file system or I/O process) usually processes DEFINEs,
while application programs or run-time libraries process ASSIGNs.
DEFINEs are added, deleted and altered via:
TACL interactively
TACL MACRO files or OBEY files
Pathway server Configurations
Part 7
DEFINEs, ASSIGNs, PARAMs 545
An ATTACHMENT-SET within NETBATCH
The TACLLOCL and TACLCSTM files
A process ‘inherits’ the working set of DEFINEs upon startup.
RISK DEFINEs can be ‘disabled’ by issuing the SET DEFMODE OFF com-
mand within TACL or programmatically.
DEFINE Format
DEFINEs are named sets of attributes and associated values. They specify information
that is meant to be communicated to a new process in a DEFINE.
A DEFINE has the following components:
NAME A unique descriptive name starting with ‘=’ and up to 23
characters.
CLASS A designation of usage class
ATTRIBUTE A defined attribute of the class
VALUE The value associated with the attribute; filename, tape name, etc.
There are eight classes (types) of DEFINEs.
DEFINE TYPE Description
CLASS CATALOG Used to specify the name of an SQL Catalog
CLASS DEFAULTS Used to designate a system default DEFINE
CLASS MAP Used to specify a substitute file name
CLASS SEARCH Used to specify a list of subvolumes for resolving file names
CLASS SORT and SUBSORT Used to specify defaults for the FASTSORT utility
CLASS SPOOL Used to specify the attributes of a spooler job
CLASS TAPE Used to specify the attributes of a file on a labeled tape
CLASS TAPECATALOG Used with the tape cataloging facilities of the DSM/TC
product
Example 1: SQL CATALOG
Define Name =MY_CATALOG
CLASS CATALOG
SUBVOL \SYSA.$DISK11.MYCATS
Example 2: CLASS MAP
Define Name =MY_CODE_FILE
CLASS MAP
FILE \SYSA.$TEST21.TESTAPP.CODES
Example 3: DEFAULTS
Define Name =_DEFAULTS
546 DEFINEs, ASSIGNs, PARAMs
CLASS DEFAULTS
VOLUME $DISK21.MYHOMEV
RISK Using DEFINEs can cause erroneous results if the logical DEFINE is
changed then referenced. For instance, assume that the DEFINE
=MY_CODE_FILE is pointing to a test file. If a TACL command such as FUP
PURGEDATA =MY_CODE_FILE is performed, it will purgedata the file
\SYSA.$DISK21.MASTER.CODES. If the DEFINE is changed to point to a
different file, such as \SYSA.$PROD.PRODAPP.CODES the same command
could erroneously purge the data from the production application file (assuming
allowable security).
RISK Using DEFINEs can mask the ultimate file, process, device, etc. that
will be affected from the user, which can be desirable and undesirable at the
same time.
RISK Ending a TACL session or logging off of TACL deletes any existing
DEFINEs. They must be re-added for each new TACL in order to be in effect
for new processes.
_DEFAULTS DEFINE
This is a system DEFINE that specifies the current default node, volume, subvolume
and catalog for expanding partially qualified Guardian names throughout the system
and subsystems. The _DEFAULTS DEFINE is set with the DEFAULT program.
ASSIGNs
The ASSIGN command within TACL is used to associate the names of a physical
file to a logical file name used in a program, and optionally, to specify the attributes
of such files. The file attributes are used to describe creation or open mode
specifications.
While the operating system (file system or I/O process) usually processes
DEFINEs, application programs or run-time libraries process ASSIGNs. The process
or run-time library processes the incoming ASSIGNs and uses the information within
the code.
Example 1 shows an ASSIGN for an existing file.
Example 1:
ASSIGN MASTERFILE, $DATA1.CUSTMR.MSTFILE
Example 2 shows an ASSIGN with Create File Characteristics
Example 2:
ASSIGN OUTFILE, $DATA2.CUSTMR.NEWMST, EXT 32, CODE 123
Part 7
DEFINEs, ASSIGNs, PARAMs 547

Get HP NonStop Server Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.