I’ve discussed and demonstrated validation lists in a number of articles and utilities previously published in this newsletter. On these occasions, I’ve used validation lists to store sensitive session information as well as cryptographic encryption keys. Basically though, you can think of validation lists as password files, storing a user ID and an encrypted password, and as such I’ve also successfully exploited validation lists when developing web applications requiring a secure authorization mechanism.
Although IBM provides native CL commands to create and delete a validation list object, you have to resort to APIs when it comes to creating, changing, retrieving, verifying, or deleting validation list entries. On the one hand, this constraint makes it a bit easier to control who is accessing validation list entries because programming skills are involved. On the other hand, things are also a bit more complicated when it comes to testing and debugging applications that take advantage of validation lists, not to mention the effort involved in administering the validation list entries. So why not create a few CL commands to close the gap? The first of these is presented in today’s APIs by Example.
Let’s start with a brief description of the validation list entry. A validation list entry is divided into three directly accessible main attributes:
- Entry ID (up to 100 bytes)
- Entry data (up to 1000 bytes)
- Encrypted data (up to 600 bytes)
Each of the above attributes also has a related Coded Character Set Identifier (CCSID) attribute that identifies the CCSID, if any, of the value stored in the Entry ID, the Entry data, and the Encrypted data, respectively. The length of each attribute must also be stored with it. As a consequence, trailing blanks in the Entry ID, if included in the length specification, must be included again when you try to locate the validation list entry. As the example in the Validation List API manual demonstrates, “Smith” and “Smith ” are considered different Entry IDs due to the difference in length. As mentioned, the Entry ID is where you’d store a user name or identifier, and it constitutes the entry key when you need to retrieve, verify, or delete the validation list entry.
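The length-sensitive key matching described above is easy to trip over when the user name arrives in a blank-padded, fixed-length field. The following C sketch is an added example, not code from this article or from IBM: it models the Entry ID as a length plus up to 100 bytes and shows a lookup failing until the caller trims trailing blanks. The type and function names and the 10-byte padded field are assumptions made for illustration; the validation list APIs themselves are not called.

```c
#include <stdio.h>
#include <string.h>
#define VLDL_ID_MAX 100   /* Entry ID limit stated in the article */

/* Hypothetical model of an Entry ID: the length is stored with the value. */
typedef struct {
    int  len;                 /* number of significant bytes in id[] */
    char id[VLDL_ID_MAX];
} entry_id_t;

/* Build an Entry ID from a buffer; returns 0 on success, -1 if len is out of range. */
int make_id(entry_id_t *out, const char *src, int len, int trim_blanks)
{
    if (len < 1 || len > VLDL_ID_MAX) return -1;
    if (trim_blanks)                      /* drop trailing blanks, keep >= 1 byte */
        while (len > 1 && src[len - 1] == ' ') len--;
    memset(out->id, 0, sizeof out->id);
    memcpy(out->id, src, (size_t)len);
    out->len = len;
    return 0;
}

/* Keys match only when both the length and the bytes agree. */
int id_equal(const entry_id_t *a, const entry_id_t *b)
{
    return a->len == b->len && memcmp(a->id, b->id, (size_t)a->len) == 0;
}

/* Return the index of key in list[0..n-1], or -1 when not found. */
int find_entry(const entry_id_t *list, int n, const entry_id_t *key)
{
    for (int i = 0; i < n; i++)
        if (id_equal(&list[i], key)) return i;
    return -1;
}

/* Look up a constructed blank-padded 10-byte field against an entry stored as "Smith". */
int lookup_padded(int trim_blanks)
{
    entry_id_t stored[1], key;
    make_id(&stored[0], "Smith", 5, 0);
    if (make_id(&key, "Smith     ", 10, trim_blanks) != 0) return -2;
    return find_entry(stored, 1, &key);
}

int main(void)
{
    printf("untrimmed: %d, trimmed: %d\n", lookup_padded(0), lookup_padded(1));
    return 0;
}
```

Whichever convention you pick (trimmed or padded), apply it identically when adding, verifying, and removing entries; otherwise a removal can miss the entry it was meant to delete.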