ENABLE User Program
ENABLE can be used to develop a simple application to perform basic data I/O opera-
tions, without coding source programs. It allows the user to:
Control the format of the screen displayed by the application
Limit the types of operations (delete, insert, read, or update) that the application
can perform on a data base file
Provide an application to view and update databases
The components of ENABLE are:
ENABLE
ENABAPPS
ENABLEGS
ENABLOBJ
ENABPATS
The tasks performed by an ENABLE application, like a Pathway, are divided
between requestors and servers.
A requestor displays the data entry screen, accepts the data entered from the termi-
nal, and passes the data to programs that update the database.
A server adds, alters, and retrieves information from the data base.
ENABLE generates a SCREEN COBOL requestor program to manage the dis-
play screens and accept requests. ENABLE supplies a server program that accesses the
database and performs the requested operations. ENABLE also produces a third com-
ponent, a command file used to execute the application under a PATHWAY system.
ENABLE is most often used as a developer’s tool for testing and modeling applica-
tion databases. Securing the compiler object file controls the use of the language.
Access to the C language components is required for compilation.
RISK ENABLE allows anyone with read access to data files and their corre-
sponding dictionary to create an application against the data, with the potential
of exposing sensitive information such as account numbers and social security
numbers.
Part 6
ENABLE User Program 285
RISK ENABLE also provides a vehicle to update sensitive data in Enscribe
databases, to which a user has
WRITE access.
Secure databases from unauthorized queries by granting
READ access to only those
users who need to view secure data to perform their jobs. There is no way to audit or
limit the contents of the ENABLE application. ENABLE should not be available on a
secure system.
RISK On development systems, ENABLE can be made available for use by
developers by securing it “NUNU”. ENABLE will only allow access to data dic-
tionaries to which the individual developer has access.
Securing ENABLE Components
BP-FILE-ENABLE-01 ENABLE should be secured “UUNU”.
BP-OPSYS-OWNER-02 ENABLE should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABLE must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-02 ENABAPPS should be secured “NUNU”.
BP-OPSYS-OWNER-02 ENABAPPS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABAPPS must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-03 ENABLEGS should be secured “UUNU”.
BP-OPSYS-OWNER-02 ENABLEGS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABLEGS must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-04 ENABLOBJ should be secured “UUNU”.
BP-OPSYS-OWNER-02 ENABLOBJ should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABLOBJ must reside in $SYSTEM.SYSTEM.
BP-FILE-ENABLE-05 ENABPATS should be secured “NUNU”.
BP-OPSYS-OWNER-02 ENABPATS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENABPATS must reside in $SYSTEM.SYSTEM.
If available, use Safeguard or a third party object security product to grant access
to ENABLE object files only to users who require access in order to perform
their jobs.
BP-SAFE-ENABLE-01 Add a Safeguard Protection Record to grant appropri-
ate access to the ENABLE object file.
286 ENABLE User Program

Get HP NonStop Server Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.