SSAE 16 Certification (GRX)

Mike Schwartz mschw at athenet.net
Thu Dec 20 09:21:41 PST 2012


> filePro(r) 5.0.14
> Windows environment. (Server 2008) (WinXP, Win7 workstations)
> 
> Our company is trying to become SSAE 16 certified.  Upon review there were
> several issues regarding filePro(r).  Some we can handle, and some we are
> trying to figure out.  One of their findings was with passwords.  To be
> specific, they wanted to see at least 90 day expiration of passwords.
> Minimum length 6-8 characters.  A password history of 6.  Password
> complexity requirement enabled (combo of alpha and numeric characters).

     You don't mention exactly where you are using these passwords, but
everything in this email could be handled by embedding INPUTPW commands into
key spots in your filePro processing tables.  Because filePro now allows for
"library" processing tables to be shared across filePro files, you could
probably write just one password authentication processing table that you
call from within automatic processing on each of your data-entry-point
filePro files.

      This "master password" prc could have lookups to a filePro file of
passwords that are unique to each user.  With a little bit of coding, you
could write rules for 90 day expiration, 6-8 characters and so forth.  You
could even store password recovery features, such as "Mother's maiden name".
Make sure you carefully protect this master password table, of course...
 
> Also, as it pertains to menu passwords, we only have one password assigned
> to a menu that many users know.  They would like to see individual
> passwords for each user to that menu.

     If every filePro file is protected by the password scheme listed above,
there wouldn't be any need for menu passwords.  Let the user see the menus.
Without the proper automatic processing passwords, they would be blocked
from getting into any of the files that the menu points to.

     If it would be too tedious for users to enter passwords every time
they enter each filePro file, you could set up a password query through
either a Windows batch script that asks them for a unique password or from
some sort of password protected filePro processing table with a system call
that launches the menu.  
 
> Also does anyone use any type of version control software with filePro(r)?
> They want a more comprehensive way of tracking program changes than the
> one that we use, which is pretty much just commenting within our code.

    I have used CVS versioning control on Unix systems with filePro and it
worked great (as long as all your programmers don't try to do end-runs
around it...)  CVS does have a Windows version, but I've not used that.
(CVSNT is one of the paid, supported versions if your SSAE certifiers insist
that you do not use any public domain software...)

    However, a simpler version control method is to save everything you do
with a dated name BEFORE you begin work on it.  For example, if you will be
working on screen.0, save it as screen.0-mjs122012 BEFORE you modify it.  As
far as processing tables, if you need to see what has changed between
versions, you can use the Windows "FC" command, or install one of the file
"diff" commands that has been ported from Unix to Windows.

Mike Schwartz     

> Chris Sellitto
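
The password rules named in this thread (90 day expiration, minimum length, history of 6, letters plus digits), sketched in Python as an added example; it is not filePro code and does not come from either poster. The record layout, function names and PBKDF2 work factor are assumptions, and the history is kept as salted hashes so the password table never holds plaintext.

```python
import hashlib, hmac, os
from datetime import date, timedelta

MAX_AGE_DAYS = 90        # expiration requested by the auditors
MIN_LENGTH = 6           # lower bound of the "6-8 characters" minimum
HISTORY_DEPTH = 6        # password history of 6
PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def matches(password, salt, digest):
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def is_expired(record, today):
    return today - record["changed"] > timedelta(days=MAX_AGE_DAYS)

def policy_errors(password, record):
    """List every rule the candidate password breaks for this user record."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        errors.append("needs letters and digits")
    if any(matches(password, s, d) for s, d in record["history"]):
        errors.append("reused")
    return errors

def change_password(record, new_password, today):
    """Apply the change if it passes policy; return the list of violations."""
    errors = policy_errors(new_password, record)
    if not errors:
        # Newest entry first; anything older than HISTORY_DEPTH is dropped.
        record["history"] = ([hash_password(new_password)] + record["history"])[:HISTORY_DEPTH]
        record["changed"] = today
    return errors

def login_ok(record, password, today):
    """history[0] is the current password; an expired one is refused."""
    salt, digest = record["history"][0]
    return matches(password, salt, digest) and not is_expired(record, today)
```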



