× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2009

Re: SQL - SET ENCRYPTION PASSWORD

Eftimios Pantzopoulos wrote:

I've been researching/developing some encryption software over recent
weeks (and do appreciate previous advice), however I'm now curious
about the 'SET ENCRYPTION PASSWORD' statement, especially with regard
to its scope. If the statement is used, does it mean the default
password for all uses of the ENCRYPT function is whatever is in
effect as a result of the SET ENCRYPT PASSWORD? I saw a reference to
its scope being set at a job or program level, but no information as
to how to set it at either of those levels. Any references please?

I presume this means that if I use the statement within STRSQL, then
the password will be effective for the life of the on-line job. If I
use it in a script via RUNSQLSTM in a batch job, then it will be
effective for the life of the batch job? For a program scope I'm at a
loss to know what that means.


http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/db2/rbafzmstsetep.htm
In the _Notes_ section at that link, the fourth entry suggests:
"Encryption password scope: The scope of the default
encryption password and default encryption password
hint is the activation group and connection."

From that I infer the various scopes are always within any one job, and can be described by...

- for OPM [no activation group] the scope is to the job for its *LOCAL connection; i.e. given the effective inability to release the *LOCAL connection.
- for each activation group [i.e. default, named, and *new] the scope is to the [extent\life of that] activation group for its *LOCAL connection within the job; *new is reclaimed at program end, default is effectively for life of job like OPM per no reclaim\tear-down feature for the dftactgrp, and until RCLACTGRP ends a named actgrp.
- for either\both case [i.e. ACTGRP & no-ACTGRP] the scope is to [the extent\life of] each of their remote connections; i.e. until implicit or explicit RELEASE CONNECTION.

I infer then within any scope, a new SET statement should change the password [and hint] for all other _programs_ [within that same scope]; i.e. the pwd+hint are never really scoped to any one program [invocation] except when enforced either by ACTGRP(*NEW) or some unenforceable rule ensuring that no two programs shared a named activation.?

Regards, Chuck

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.