LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (January 2007, week 3)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Tue, 16 Jan 2007 17:24:00 -0500
Reply-To:     "Lamias, Mark (CDC/CCID/OD) (CTR)" <bnz6@CDC.GOV>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         "Lamias, Mark (CDC/CCID/OD) (CTR)" <bnz6@CDC.GOV>
Subject:      Re: Secure method of FTPing data
Comments: To: ben.powell@CLA.CO.UK
Content-Type: text/plain; charset="us-ascii"


Indeed, I've actually used PGP in the past to encrypt data using
external calls (via the X command) to PGP's command line utility with
the following macro:


/*Encrypt the CSV File Created in Previous Step*/
%macro encrypt;
x "pgp -tea +force c:\HF\SASExtracts\Extract&todaydate..txt
<&recipient>";
run;
%mend;
%encrypt;


%let recipient=mlamias@cdc.gov; /*The public key for PGP encryption*/
%encrypt;


Then, SAS automatically FTP's the encrypted file.


It worked well and met NIST standards for encryption and transmission of
data at the time.


Mark J. Lamias
SAIC Statistical Consultant
Office of Informatics
National Center for Preparedness, Detection, and Control of Infectious
Diseases
Coordinating Center for Infectious Diseases
US Centers for Disease Control and Prevention


-----Original Message-----
From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of
ben.powell@CLA.CO.UK
Sent: Tuesday, January 16, 2007 10:32 AM
To: SAS-L@LISTSERV.UGA.EDU
Subject: Re: Secure method of FTPing data


Thanks for the tip!


Rgds.


On Tue, 16 Jan 2007 05:22:07 -0800, MikeInWV <mikeslover@GMAIL.COM>
wrote:


>If possible, look into using PGP software to encrypt the file before
>sending it to an FTP server.  You can obtain it from
>http://www.gnupg.org
>
>One note---the recipient would need to have PGP and provide you with
>their public key.  I have recently gone through this process and it
>works well.
>
>
>ben.powell@CLA.CO.UK wrote:
>> On Mon, 15 Jan 2007 20:50:50 -0800, daniel_coppin@BRADYCORP.COM
wrote:
>>
>> >I am using the following code in SAS EG to send a pipe delimited
file
>> >to an external FTP site:
>> >
>> >filename create ftp "data.txt"
>> >  host="ftp.xxxx.com"
>> >  user="xxxx"
>> >  pass="xxxx";
>> >data _NULL_;
>> >  set TABLE1;
>> >  file create DSD DLM='|';
>> >if _n_ eq 1 then put "Account|Contact";
>> >put
>> >AccountNo
>> >ContactNo;
>> >run;
>> >
>> >While I am happy that the FTP site is secure, I'm concerned that the
>> >data may not be secure as it travels between the SAS server and FTP
>> >site, and am looking for a way of making it more secure.
>> >
>> >I am unable to export the data first (and then zip/password protect
it)
>> >because of speed/bandwidth limitations.
>>
>>
>> why not? This should take no more speed/bandwidth than creating the
dataset
>> in the first place?
>>
>>
>> >
>> >Is there any way to password encypt (either by zipping or not) a
file
>> >within SAS before sending it?
>> >
>> >Any help or advice is appreciated...
>>
>>
>> FTP is an insecure protocol so you need to encrypt the file before it
is
>> sent. SAS has some options to do this, though since you are ftp'ing a
>> dataset bolting on a 7z script would also make sense. Bear in mind
you
need
>> a secure means to transfer the password... and keep that secure too,
and
>> the security for that...
>>
>> HTH.
Back to: Top of message | Previous page | Main SAS-L page
listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu