Use the SET ENCRYPTION PASSWORD statement to define or reset a session password for encryption and decryption of character, BLOB, or CLOB values. Only Dynamic Server supports this statement, which is an extension to the ANSI/ISO standard for SQL. You can use this statement with ESQL/C.
>>-SET ENCRYPTION PASSWORD--'password'--+-------------------+-->< '-WITH HINT--'hint'-'
Element | Description | Restrictions | Syntax |
---|---|---|---|
hint | String that GETHINT returns from an encrypted argument | (0 byte) ≤ hint ≤ (32 bytes). Do not include the password in the hint. | Expression, p. Expression |
password | Password (or a multi-word phrase) for data encryption | (6 bytes) ≤ password ≤
(120 bytes).
Do not specify your login password. |
Expression, p. Expression |
The SET ENCRYPTION PASSWORD statement declares a password to support data confidentiality through built-in functions that use the Triple-DES or AES algorithms for encryption and decryption. These functions enable the database to store sensitive data in an encrypted format that prevents anyone who cannot provide the secret password from viewing, copying, or modifying encrypted data.
The password is not stored as plain text in the database, and is not accessible to the DBA. This security feature is independent of the Trusted Facility feature.
If the network is not secure, all of the database servers in a distributed query need ENCCSM enabled, so that the password is not transmitted as plain text. For information about how to enable a communication support module (CSM), see your IBM Informix Administrator's Guide.
Operations on encrypted data tend to be slower than corresponding operations on plain text data, but use of this feature has no effect on unencrypted data.
The SET ENCRYPTION PASSWORD statements can be prepared, and EXECUTE IMMEDIATE can process a prepared SET ENCRYPTION PASSWORD statement.
Enterprise Edition Home | Express Edition Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]