Wow did I initially read the redbook wrong.  I read your blog and my initial impression was that y'all were way off base.  However I find it tough to think Kent Milligan is due for a whiz quiz so I reread the redbook.
<snip>
5.3 Accidental updates with masked values
The masked values that are returned by a column mask can potentially cause the original data value to be accidentally overwritten, especially with applications using native record-level access.
For example, consider a table containing three columns of first name, last name, and tax ID that is read by an RPG program. The user running the program is not authorized to see the tax ID value, so a masked value (*****3333) is written into the program's record buffer, as shown in Figure 5-1.
In this example, the application reads the data for an update to correct the misspelling of the last name. The last name value is changed to Smith in the buffer. Now, a WRITE request is issued by the program, which uses the contents of the record buffer to update the row in the underlying DB2 table. Unfortunately, the record buffer still contains a masked value for the tax ID, so the tax ID value in the table is accidentally set to the masked value.
Obviously, careful planning and testing should be exercised to avoid accidental updates with masked values.
DB2 for i also enhanced its check constraint support in the IBM i 7.2 release with a new ON UPDATE clause that allows the existing value to be preserved when a masked value is detected by a check constraint. Details about how to employ this new check constraint support can be found in 6.8.1, “Check constraint solution” on page 108.
</snip>
So basically Kent was right and the check constraint should stop the errant update.  What it doesn't stop is the intentional hack.  For example, if you read the column and RCAC masks it as *****1234 and you do an update and have the check constraint "on update violation" set that if the string begins with "*****" to ignore the update of that column you're all good.  But if someone reads *****1234 and sets it to 123456789 it will write out the whole 123456789.
Section 3.5 and section 5.3 seem to totally conflict.
https://www.redbooks.ibm.com/redpapers/pdfs/redp5110.pdf
Rob Berendt
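
The check constraint behaviour discussed in the post above, as an added DB2 for i SQL sketch (not part of the original post, and not the Redpaper's own listing). The schema, table, mask, constraint and group profile names are hypothetical; the '*****' mask format follows the example in the post.

```sql
-- Hypothetical table for illustration (all names here are assumptions).
CREATE TABLE HR_DEMO.EMPLOYEES (
  FIRST_NAME VARCHAR(30) NOT NULL,
  LAST_NAME  VARCHAR(30) NOT NULL,
  TAX_ID     CHAR(9)     NOT NULL
);

-- Column mask: members of the (hypothetical) group profile HR see the real
-- value; everyone else gets '*****' plus the last four characters (*****3333).
CREATE MASK HR_DEMO.MASK_TAX_ID_ON_EMPLOYEES
  ON HR_DEMO.EMPLOYEES AS E
  FOR COLUMN TAX_ID
  RETURN CASE
           WHEN VERIFY_GROUP_FOR_USER(SESSION_USER, 'HR') = 1 THEN E.TAX_ID
           ELSE '*****' CONCAT SUBSTR(E.TAX_ID, 6, 4)
         END
  ENABLE;

ALTER TABLE HR_DEMO.EMPLOYEES ACTIVATE COLUMN ACCESS CONTROL;

-- Check constraint: a TAX_ID that starts with '*****' is treated as a mask.
-- ON UPDATE VIOLATION PRESERVE keeps the stored TAX_ID instead of failing
-- the update, so the rest of the row change still goes through.
ALTER TABLE HR_DEMO.EMPLOYEES
  ADD CONSTRAINT TAX_ID_NOT_MASKED
  CHECK (SUBSTR(TAX_ID, 1, 5) <> '*****')
  ON UPDATE VIOLATION PRESERVE TAX_ID;

-- Case 1: the accidental update from section 5.3. The program writes back
-- the buffer it read, masked tax ID included.
UPDATE HR_DEMO.EMPLOYEES
   SET LAST_NAME = 'Smith', TAX_ID = '*****3333'
 WHERE FIRST_NAME = 'John';
-- Effect: LAST_NAME becomes 'Smith'; the stored TAX_ID is preserved.

-- Case 2: the situation the post points out. The new value does not look
-- like a mask, so the check condition is satisfied.
UPDATE HR_DEMO.EMPLOYEES
   SET TAX_ID = '123456789'
 WHERE FIRST_NAME = 'John';
-- Effect: the stored TAX_ID is overwritten with '123456789'.
```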