For companies that distribute and install their software on customer’s systems, it is obviously not advisable to leave their sources “unattended” on those systems.
But even without installing the sources, a “smart” user could access the code by simply starting a debug session for programs compiled with the DBGVIEW (*SOURCE / *LIST / *ALL) options, which embed source into the program object. On the other hand, compiling programs without this option complicates debugging operations (which inevitably happen sooner or later …).
Since 7.1, IBM has made available a new option on all ILE program and module compile commands; the Debug encryption key (DBGENCKEY) parameter allows you to specify a source encoding key, a sort of “password” that allows you to distribute perfectly debuggable programs without allowing others access the source code (unless you know the encryption key).
Let’s compile a program specifying this option:
Create SQL ILE RPG Object (CRTSQLRPGI) Type choices, press Enter. Print file . . . . . . . . . . . QSYSPRT Name Library . . . . . . . . . . . *LIBL Name, *LIBL, *CURLIB Debugging view . . . . . . . . . *source *NONE, *SOURCE Debug encryption key . . . . . . DeBuGKey User profile . . . . . . . . . . *NAMING *NAMING, *USER, *OWNER Dynamic user profile . . . . . . *USER *USER, *OWNER Sort sequence . . . . . . . . . *JOB Name, *JOB, *HEX, *JOBRUN...
Like all passwords, the debug encryption key is also case-sensitive.
To “cheat” the debugger we now rename the source; otherwise, since the program was compiled on the same system and the source exists, the debug session would normally start with the source view.
RNMM FILE(MDUCA1/QRPGLESRC) MBR(TESTR06) NEWMBR(TESTR06$)
Starting the debug session for this program, the encryption key is required:
Enter Decryption Key Source file . . : QCLSRC Module . . . . . : TESTR06 Source library . : MDUCA1 Library . . . . : MDUCA1 Source member . : TESTR06 Current View: ILE RPG Listing View Type Decryption Key, press enter. Bottom F3=Exit F12=Cancel
If you do not enter the key, you are only allowed to a “blind” debug…
Display Module Source Program: TESTR06 Library: MDUCA1 Module: TESTR06 (Source not available.)
The request screen allows a maximum of three attempts to enter the key, after three errors the key is no longer required and you enter directly in “blind” debug mode.
Thanks to this feature, you can safely start local or remote debugging sessions without risking that someone could snoop in your code.