One feature of the Application
Dispatcher lets you view the SAS log. This helps when developing an
application. However, it creates a potential security risk in a production-level
application. Programs of the type .SAS, .SOURCE, and .MACRO all submit
statements that appear in the log. SAS Component Language (SCL) statements
do not appear in the log, but statements submitted by using an SCL
submit block do appear. (SCL is available with
SAS/AF software).
You can accomplish many
of the same tasks in SCL that you can by using these other program
types. SCL is the most secure program type. If you create your Application
Dispatcher program with SCL and the user attempts to return the SAS
log, your program statements do not appear. Also, SCL is more
secure because it is a compiled language. Compiled macros (.MACRO
program types) share this feature. Using SCL lets you compile the
program and delete the readable source. This prevents someone from
reading the program statements even if they gained access to the SAS
catalog on the Application Server machine.
Running a .MACRO entry
prints the original source to the SAS log if the MPRINT option is
set. To prevent this, you can include the following statement in a
request init program:
options nomprint;