× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2007

Re: Encrypting data Was: Securing tape backup drive

This wouldn't work with the SQL approach, but if you're willing to look at 
using the cryptographic services APIs the Key Management APIs (introduced 
with V5R4) allow you to have keys that are not visible to (or even in) 
your application programs.  For more information see the Key Management, 
Cryptographic Context, and Encryption/Decryption subcategories under the 
Cryptographic APIs cateogory of system APIs.  When reviewing these APIs 
keep an eye on how key contexts can be created and used.

Bruce Vining




rob@xxxxxxxxx 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
03/20/2007 08:33 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc

Subject
Re: Encrypting data Was: Securing tape backup drive






Good question.  And the links I sent earlier touch on that, a little.

Keep in mind, that you do meet the requirements that the data is 
encrypted.  And it is encrypted using a "standard", which carries more 
weight than some homegrown that some of us have tried.  Anyone browsing 
the tape for patterns like '123-45-6789' or 9 digit numbers (packed or 
zoned) sure wouldn't find it.

1 - Never put the source on the production machine.  We don't.
2 - Save the programs on a different tape than the data.
3 - Consider not leaving any debug information on stuff with the password 
imbedded.
4 - Consider leaving the password constructed in a service program that 
people must call to use.  Then again, you could have someone, like my 
coworker, who executes it, get's the parameter back, and publishes it to 
the whole department.

For read only you could do something like:

create view rob/vickerduh as 

   (Select mykey, decrypt_char(myssn,'Ben123') as DisplaySSN 
    from rob/vicker) 
  View VICKERDUH created in ROB. 

select * from rob/vickerduh 

....+....1....+....2....+...
        MYKEY   DISPLAYSSN 
            1   289-46-8832 
********  End of data  *****



Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.