PASSWORD in COBOL is a security mechanism used to protect programs, files, and resources by requiring authentication before access is granted. Think of it as a digital lock that only opens when you provide the correct secret code - it ensures that only authorized users can access sensitive data or execute protected programs.
Imagine a secure building:
PASSWORD in COBOL works the same way - it protects your programs and data from unauthorized access.
Using PASSWORD in COBOL involves defining security parameters, implementing password validation logic, and ensuring secure handling of authentication data.
```cobol
      * Basic PASSWORD implementation
       IDENTIFICATION DIVISION.
       PROGRAM-ID. PASSWORD-EXAMPLE.
      * SECURITY is a documentation-only comment entry; it enforces
      * nothing by itself.
       SECURITY. "Requires password authentication".

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  USER-PASSWORD       PIC X(20).
      * Hardcoded only to keep the example self-contained.
       01  STORED-PASSWORD     PIC X(20) VALUE "SECURE123".
       01  PASSWORD-MASK       PIC X(20) VALUE "********************".
       01  ACCESS-GRANTED      PIC X(1)  VALUE "N".
       01  ATTEMPT-COUNT       PIC 9(2)  VALUE 0.
       01  MAX-ATTEMPTS        PIC 9(2)  VALUE 3.
       01  ATTEMPTS-LEFT       PIC 9(2)  VALUE 0.

       PROCEDURE DIVISION.
      * Display welcome message
           DISPLAY "Welcome to Secure System"

      * Prompt and validate until success or the attempt limit.
      * A loop replaces the recursive PERFORM, which COBOL does not
      * define.
           PERFORM UNTIL ACCESS-GRANTED = "Y"
                      OR ATTEMPT-COUNT >= MAX-ATTEMPTS
               DISPLAY "Please enter your password: "
               PERFORM GET-PASSWORD
               PERFORM VALIDATE-PASSWORD
           END-PERFORM

      * Check if access granted
           IF ACCESS-GRANTED = "Y"
               DISPLAY "Access granted. Welcome to the system!"
               PERFORM MAIN-PROGRAM-LOGIC
           ELSE
               DISPLAY "Access denied. Too many failed attempts."
           END-IF
           STOP RUN.

       GET-PASSWORD.
      * Plain ACCEPT echoes what is typed; the mask below is only
      * printed afterwards. Suppressing the echo needs a
      * compiler-specific screen extension.
           ACCEPT USER-PASSWORD
           DISPLAY "Password entered: " PASSWORD-MASK.

       VALIDATE-PASSWORD.
      * Check password
           IF USER-PASSWORD = STORED-PASSWORD
               MOVE "Y" TO ACCESS-GRANTED
               DISPLAY "Password accepted."
           ELSE
               ADD 1 TO ATTEMPT-COUNT
      * DISPLAY cannot evaluate an expression, so compute it first
               COMPUTE ATTEMPTS-LEFT = MAX-ATTEMPTS - ATTEMPT-COUNT
               DISPLAY "Invalid password. Attempts remaining: "
                       ATTEMPTS-LEFT
           END-IF.

       MAIN-PROGRAM-LOGIC.
      * Main program logic here
           DISPLAY "Executing secure operations..."
           DISPLAY "Processing sensitive data...".
```
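This example shows basic password authentication with attempt limiting and masking. Note that the mask is only displayed after the password has been entered; a plain ACCEPT does not hide the characters as they are typed.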
Operation | Syntax | Example |
---|---|---|
Define security | SECURITY. "description" | SECURITY. "Requires password" |
Accept password | ACCEPT password-field | ACCEPT USER-PASSWORD |
Validate password | IF password = stored-password | IF USER-PASSWORD = STORED-PASSWORD |
Mask password | DISPLAY mask-characters | DISPLAY "********" |
Check attempts | IF attempt-count > max-attempts | IF ATTEMPT-COUNT > MAX-ATTEMPTS |
Let's look at some real-world examples of how PASSWORD is used in COBOL applications.
```cobol
      * File access protection with PASSWORD
       IDENTIFICATION DIVISION.
       PROGRAM-ID. SECURE-FILE-ACCESS.
       SECURITY. "Requires password for file access".

       ENVIRONMENT DIVISION.
       INPUT-OUTPUT SECTION.
       FILE-CONTROL.
           SELECT SECURE-FILE ASSIGN TO "SECURE.DAT"
               ORGANIZATION IS SEQUENTIAL
               ACCESS MODE IS SEQUENTIAL
               FILE STATUS IS FILE-STATUS.

       DATA DIVISION.
       FILE SECTION.
       FD  SECURE-FILE.
       01  SECURE-RECORD       PIC X(100).

       WORKING-STORAGE SECTION.
       01  FILE-STATUS         PIC X(2).
       01  USER-PASSWORD       PIC X(20).
       01  FILE-PASSWORD       PIC X(20) VALUE "FILE123".
       01  ACCESS-GRANTED      PIC X(1)  VALUE "N".
       01  EOF-FLAG            PIC X(1)  VALUE "N".
       01  RECORD-COUNT        PIC 9(5)  VALUE 0.

       PROCEDURE DIVISION.
      * Request file access password
           DISPLAY "This file requires password access."
           DISPLAY "Enter file password: "
           ACCEPT USER-PASSWORD

      * Validate file password. This gates access through this
      * program only; the file itself still needs operating-system
      * or security-product permissions to be protected.
           IF USER-PASSWORD = FILE-PASSWORD
               MOVE "Y" TO ACCESS-GRANTED
               PERFORM PROCESS-SECURE-FILE
           ELSE
               DISPLAY "Access denied. Invalid password."
           END-IF
           STOP RUN.

       PROCESS-SECURE-FILE.
      * Open and process secure file
           OPEN INPUT SECURE-FILE
           IF FILE-STATUS = "00"
               DISPLAY "File opened successfully."
      * Loop until end of file or an I/O error (status not 0x)
               PERFORM READ-FILE-RECORDS
                   UNTIL EOF-FLAG = "Y"
                      OR FILE-STATUS(1:1) NOT = "0"
               CLOSE SECURE-FILE
           ELSE
               DISPLAY "Error opening file: " FILE-STATUS
           END-IF.

       READ-FILE-RECORDS.
      * Read and process one record; the caller loops, replacing
      * the recursive PERFORM of the paragraph on itself.
           READ SECURE-FILE
               AT END
                   MOVE "Y" TO EOF-FLAG
                   DISPLAY "End of file reached."
                   DISPLAY "Total records processed: " RECORD-COUNT
               NOT AT END
                   ADD 1 TO RECORD-COUNT
                   DISPLAY "Record " RECORD-COUNT ": " SECURE-RECORD
           END-READ.
```
This example shows how to protect file access with password authentication.
```cobol
      * Multi-level security system
       IDENTIFICATION DIVISION.
       PROGRAM-ID. MULTI-LEVEL-SECURITY.
       SECURITY. "Multi-level password protection".

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  USER-LEVEL          PIC X(1).
       01  USER-PASSWORD       PIC X(20).
       01  ADMIN-PASSWORD      PIC X(20) VALUE "ADMIN123".
       01  USER-PASSWORD-1     PIC X(20) VALUE "USER123".
       01  USER-PASSWORD-2     PIC X(20) VALUE "GUEST123".
      * Starts as "N" so the program fails closed.
       01  ACCESS-LEVEL        PIC X(1)  VALUE "N".
       01  MAX-ATTEMPTS        PIC 9(2)  VALUE 3.
       01  ATTEMPT-COUNT       PIC 9(2)  VALUE 0.

       PROCEDURE DIVISION.
      * Get user level
           DISPLAY "Select access level:"
           DISPLAY "1 - Administrator"
           DISPLAY "2 - Regular User"
           DISPLAY "3 - Guest User"
           DISPLAY "Enter level (1-3): "
           ACCEPT USER-LEVEL

      * Get password for selected level
           DISPLAY "Enter password: "
           ACCEPT USER-PASSWORD

      * Validate password based on level
           PERFORM VALIDATE-LEVEL-PASSWORD

      * Process based on access level
           IF ACCESS-LEVEL NOT = "N"
               PERFORM PROCESS-BY-LEVEL
           ELSE
               DISPLAY "Access denied. Invalid credentials."
           END-IF
           STOP RUN.

       VALIDATE-LEVEL-PASSWORD.
      * "A" = administrator, "U" = user, "G" = guest, "N" = denied
           EVALUATE USER-LEVEL
               WHEN "1"
                   IF USER-PASSWORD = ADMIN-PASSWORD
                       MOVE "A" TO ACCESS-LEVEL
                   ELSE
                       MOVE "N" TO ACCESS-LEVEL
                   END-IF
               WHEN "2"
                   IF USER-PASSWORD = USER-PASSWORD-1
                       MOVE "U" TO ACCESS-LEVEL
                   ELSE
                       MOVE "N" TO ACCESS-LEVEL
                   END-IF
               WHEN "3"
                   IF USER-PASSWORD = USER-PASSWORD-2
                       MOVE "G" TO ACCESS-LEVEL
                   ELSE
                       MOVE "N" TO ACCESS-LEVEL
                   END-IF
               WHEN OTHER
                   MOVE "N" TO ACCESS-LEVEL
           END-EVALUATE.

       PROCESS-BY-LEVEL.
           EVALUATE ACCESS-LEVEL
               WHEN "A"
                   DISPLAY "Administrator access granted."
                   PERFORM ADMIN-FUNCTIONS
               WHEN "U"
                   DISPLAY "User access granted."
                   PERFORM USER-FUNCTIONS
               WHEN "G"
                   DISPLAY "Guest access granted."
                   PERFORM GUEST-FUNCTIONS
           END-EVALUATE.

       ADMIN-FUNCTIONS.
           DISPLAY "Administrator functions available:"
           DISPLAY "- System configuration"
           DISPLAY "- User management"
           DISPLAY "- Security settings"
           DISPLAY "- Full data access".

       USER-FUNCTIONS.
           DISPLAY "User functions available:"
           DISPLAY "- Data entry"
           DISPLAY "- Report generation"
           DISPLAY "- Limited data access".

       GUEST-FUNCTIONS.
           DISPLAY "Guest functions available:"
           DISPLAY "- View reports"
           DISPLAY "- Read-only access".
```
This example demonstrates a multi-level security system with different access levels.
PASSWORD supports advanced features for enhanced security and authentication.
```cobol
      * Password encryption and hashing
       IDENTIFICATION DIVISION.
       PROGRAM-ID. ENCRYPTED-PASSWORD.

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  USER-PASSWORD       PIC X(20).
      * Both fields widened from 40 to 42 so the 42-character
      * literal below fits without truncation.
       01  ENCRYPTED-PASS      PIC X(42).
       01  STORED-HASH         PIC X(42)
           VALUE "A1B2C3D4E5F6789012345678901234567890ABCDEF".
       01  SALT-VALUE          PIC X(8)  VALUE "SALT1234".
       01  VALIDATION-RESULT   PIC X(1).

       PROCEDURE DIVISION.
      * Get user password
           DISPLAY "Enter password: "
           ACCEPT USER-PASSWORD

      * Encrypt password for comparison
           PERFORM ENCRYPT-PASSWORD

      * Validate encrypted password
           PERFORM VALIDATE-ENCRYPTED-PASSWORD

      * Display result
           IF VALIDATION-RESULT = "Y"
               DISPLAY "Password accepted."
           ELSE
               DISPLAY "Password rejected."
           END-IF
           STOP RUN.

       ENCRYPT-PASSWORD.
      * Simple encryption example (in real applications, use proper
      * encryption). This only appends the salt to the password; it
      * is neither encryption nor a one-way hash.
           MOVE USER-PASSWORD TO ENCRYPTED-PASS
      * Add salt and perform simple transformation
           STRING USER-PASSWORD DELIMITED BY SIZE
                  SALT-VALUE    DELIMITED BY SIZE
               INTO ENCRYPTED-PASS
           END-STRING.
      * In real applications, use proper hashing algorithms
      * This is a simplified example for demonstration.

       VALIDATE-ENCRYPTED-PASSWORD.
      * Compare encrypted passwords
           IF ENCRYPTED-PASS = STORED-HASH
               MOVE "Y" TO VALIDATION-RESULT
           ELSE
               MOVE "N" TO VALIDATION-RESULT
           END-IF.
```
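This example shows where salting and hashing fit into the validation flow. The transformation itself is a placeholder that only concatenates the password and the salt, so, as the code comments say, a real application must replace it with a proper hashing algorithm.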
```cobol
      * Password expiration system
       IDENTIFICATION DIVISION.
       PROGRAM-ID. PASSWORD-EXPIRATION.

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  USER-PASSWORD       PIC X(20).
       01  STORED-PASSWORD     PIC X(20) VALUE "SECURE123".
       01  PASSWORD-DATE       PIC 9(8)  VALUE 20240101.
      * Named TODAY-DATE so it cannot be confused with
      * FUNCTION CURRENT-DATE.
       01  TODAY-DATE          PIC 9(8).
       01  EXPIRATION-DAYS     PIC 9(3)  VALUE 90.
       01  DAYS-SINCE-CHANGE   PIC S9(7) VALUE 0.
       01  DAYS-UNTIL-EXPIRY   PIC 9(3)  VALUE 0.
       01  PASSWORD-EXPIRED    PIC X(1)  VALUE "N".

       PROCEDURE DIVISION.
      * Get current date (YYYYMMDD)
           MOVE FUNCTION CURRENT-DATE(1:8) TO TODAY-DATE

      * Check password expiration
           PERFORM CHECK-PASSWORD-EXPIRATION

      * Get user password
           DISPLAY "Enter password: "
           ACCEPT USER-PASSWORD

      * Validate password
           IF USER-PASSWORD = STORED-PASSWORD
               IF PASSWORD-EXPIRED = "Y"
                   DISPLAY "Password has expired. Please change it."
                   PERFORM CHANGE-PASSWORD
               ELSE
                   DISPLAY "Password accepted. Days until expiry: "
                           DAYS-UNTIL-EXPIRY
               END-IF
           ELSE
               DISPLAY "Invalid password."
           END-IF
           STOP RUN.

       CHECK-PASSWORD-EXPIRATION.
      * Calculate days since password was set. Subtracting YYYYMMDD
      * values directly does not give days, so both dates are first
      * converted to day numbers with INTEGER-OF-DATE.
           COMPUTE DAYS-SINCE-CHANGE =
               FUNCTION INTEGER-OF-DATE(TODAY-DATE)
             - FUNCTION INTEGER-OF-DATE(PASSWORD-DATE)

      * Check if password has expired
           IF DAYS-SINCE-CHANGE > EXPIRATION-DAYS
               MOVE "Y" TO PASSWORD-EXPIRED
           ELSE
               COMPUTE DAYS-UNTIL-EXPIRY =
                   EXPIRATION-DAYS - DAYS-SINCE-CHANGE
           END-IF.

       CHANGE-PASSWORD.
      * Password change logic. The new value lives in working
      * storage only and is lost when the program ends.
           DISPLAY "Enter new password: "
           ACCEPT USER-PASSWORD
           MOVE USER-PASSWORD TO STORED-PASSWORD
           MOVE TODAY-DATE TO PASSWORD-DATE
           DISPLAY "Password changed successfully.".
```
This example demonstrates a password expiration system with automatic expiry checking.
Following these best practices will help you implement secure password systems in your COBOL applications.
Mistake | Problem | Solution |
---|---|---|
Storing plain text passwords | Passwords can be easily read if compromised | Always encrypt or hash passwords |
No attempt limiting | Vulnerable to brute force attacks | Implement maximum attempt limits |
Weak password requirements | Easy to guess passwords | Enforce strong password policies |
Displaying passwords | Passwords visible on screen | Always mask password input |
No password expiration | Passwords never change | Implement expiration policies |
Hardcoded passwords | Passwords in source code | Use external configuration |
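
The "Weak password requirements" row recommends enforcing a policy, which none of the programs on this page do. The following is an added example, not part of the original page: a policy check whose field names and thresholds (minimum length 12, at least one upper-case letter, lower-case letter, digit and other character) are assumptions chosen for illustration.

```cobol
       IDENTIFICATION DIVISION.
       PROGRAM-ID. PASSWORD-POLICY.
       DATA DIVISION.
       WORKING-STORAGE SECTION.
      * Hypothetical names and thresholds, chosen for this example.
       01  NEW-PASSWORD        PIC X(20).
       01  MIN-LENGTH          PIC 9(2) VALUE 12.
       01  PW-LENGTH           PIC 9(2) VALUE 0.
       01  IDX                 PIC 9(2) VALUE 0.
       01  UPPER-COUNT         PIC 9(2) VALUE 0.
       01  LOWER-COUNT         PIC 9(2) VALUE 0.
       01  DIGIT-COUNT         PIC 9(2) VALUE 0.
       01  OTHER-COUNT         PIC 9(2) VALUE 0.
       01  POLICY-OK           PIC X(1) VALUE "N".
       PROCEDURE DIVISION.
           DISPLAY "Enter new password: "
           ACCEPT NEW-PASSWORD
           PERFORM CHECK-POLICY
           IF POLICY-OK = "Y"
               DISPLAY "Password meets the policy."
           ELSE
               DISPLAY "Password rejected by policy."
           END-IF
           STOP RUN.
       CHECK-POLICY.
      * One pass: PW-LENGTH ends at the last non-space position and
      * every non-space character is counted in exactly one class.
           MOVE "N" TO POLICY-OK
           MOVE 0 TO PW-LENGTH UPPER-COUNT LOWER-COUNT
                     DIGIT-COUNT OTHER-COUNT
           PERFORM VARYING IDX FROM 1 BY 1 UNTIL IDX > 20
               IF NEW-PASSWORD(IDX:1) NOT = SPACE
                   MOVE IDX TO PW-LENGTH
                   EVALUATE TRUE
                       WHEN NEW-PASSWORD(IDX:1) IS NUMERIC
                           ADD 1 TO DIGIT-COUNT
                       WHEN NEW-PASSWORD(IDX:1) IS ALPHABETIC-UPPER
                           ADD 1 TO UPPER-COUNT
                       WHEN NEW-PASSWORD(IDX:1) IS ALPHABETIC-LOWER
                           ADD 1 TO LOWER-COUNT
                       WHEN OTHER
                           ADD 1 TO OTHER-COUNT
                   END-EVALUATE
               END-IF
           END-PERFORM
           IF PW-LENGTH >= MIN-LENGTH
              AND UPPER-COUNT > 0 AND LOWER-COUNT > 0
              AND DIGIT-COUNT > 0 AND OTHER-COUNT > 0
               MOVE "Y" TO POLICY-OK
           END-IF.
```

A check like this belongs in front of any step that stores a new password, such as the CHANGE-PASSWORD paragraph in the expiration example.
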
Action | Syntax | Example |
---|---|---|
Define security | SECURITY. "description" | SECURITY. "Password required" |
Accept password | ACCEPT password-field | ACCEPT USER-PASSWORD |
Validate password | IF password = stored-password | IF USER-PASSWORD = STORED-PASSWORD |
Mask password | DISPLAY mask-characters | DISPLAY "********" |
Limit attempts | IF attempt-count > max-attempts | IF ATTEMPT-COUNT > MAX-ATTEMPTS |
Check expiration | IF current-date > expiry-date | IF CURRENT-DATE > EXPIRY-DATE |
1. What is the primary purpose of PASSWORD in COBOL?
2. In which COBOL division is PASSWORD typically defined?
3. How do you validate a password in COBOL?
4. What is a common security practice when handling passwords in COBOL?
5. Which COBOL feature is often used with PASSWORD for enhanced security?