


What good does it do to encrypt a field if on every read you decrypt the field? If you could do this you would give every application, tool, or ODBC/JDBC driver that has access to the file an unencrypted view of the encrypted field, effectively making the encryption null and void. You want to ensure new data that is written is encrypted and only those applications that need the data unencrypted can get it unencrypted, and any other application or tool that tries to read the data gets it encrypted. As suggested earlier, creating a view that unencrypts the data would be OK as long as you have tight security on that view.

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of M. Lazarus
Sent: Wednesday, March 26, 2008 11:45 AM
To: RPG programming on the AS400 / iSeries
Subject: RE: _cipher API vs Qc3Encrypt/Qc3DecryptData vs SQL

Bruce,

Are there any plans that you know of to allow changing a read
trigger buffer? This limitation is a *major* barrier to retrofitting
encryption onto existing databases.

-mark


At 3/25/08 02:58 PM, you wrote:
I'm not sure you want to use a trigger for this type of
application. You could certainly encrypt the field using a trigger
on update/write, but the read trigger doesn't allow you to alter the
buffer delivered to the application (at least the last I looked) and
so you would still need application awareness to decrypt the data.

The APIs and the cipher instruction, where they overlap, are
accessing common function found in the Licensed Internal Code. If
it was me, I would tend to go the Qc3 API route only because the
APIs provide quite a bit more in the way of documentation. I
generally use MI only when there is no suitable alternative. And
while IBM supports the use of both MI and System APIs, the support
tends to be more readily at hand with APIs as MI just isn't used all that much.

SQL could certainly be used for this. But if you are not
currently using SQL I'm not sure that I would change over to it for
a one time application enhancement.

Bruce
http://www.brucevining.com/
Providing integrated solutions for the System i user community


Mike Cunningham <mcunning@xxxxxxx> wrote:
True, and that is where I might put it since I do want it to be
always encrypted but I still need to figure out if I do the trigger
with _cipher or Qc3 APIs. I don't think the SQL method would work in a trigger.

<snip>

--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.
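
The arrangement described in the top message (the base file holds only ciphertext, and a tightly secured view decrypts it), sketched here as an added example in Db2 for i SQL; it is not code from the thread. The schema, table, column and profile names and the password literal are assumptions, and it relies on the ENCRYPT_AES and DECRYPT_CHAR built-in functions together with the session's ENCRYPTION PASSWORD.

```sql
-- Added example. Schema, table, column and profile names are hypothetical;
-- the password literal and the sample row are constructed placeholders.

-- Ciphertext is binary and longer than the plaintext, so the column is
-- FOR BIT DATA and sized well above the 16-character clear value.
CREATE TABLE applib.customer (
    cust_id   INTEGER      NOT NULL PRIMARY KEY,
    cust_name VARCHAR(50)  NOT NULL,
    card_enc  VARCHAR(128) FOR BIT DATA
);

-- Write path: with no password argument, ENCRYPT_AES uses the
-- ENCRYPTION PASSWORD set for the session, so only ciphertext is stored.
SET ENCRYPTION PASSWORD = 'PLACEHOLDER-PASSWORD';

INSERT INTO applib.customer (cust_id, cust_name, card_enc)
VALUES (1001, 'Constructed Customer', ENCRYPT_AES('4111111111111111'));

-- Any application, query tool or ODBC/JDBC client that reads the base
-- table gets the encrypted bytes, not the card number.
SELECT cust_id, card_enc
FROM applib.customer;

-- Decrypting view for the few programs that need the clear value.
-- DECRYPT_CHAR without a password argument also uses the session's
-- ENCRYPTION PASSWORD, so a caller needs both authority to the view
-- and the password set in its own session.
CREATE VIEW applib.customer_clear AS
    SELECT cust_id,
           cust_name,
           DECRYPT_CHAR(card_enc) AS card_no
    FROM applib.customer;

-- Tight security on the view: nothing for PUBLIC, SELECT only for the
-- one profile (hypothetical) that runs the authorized application.
REVOKE ALL ON applib.customer_clear FROM PUBLIC;
GRANT SELECT ON applib.customer_clear TO billing_app;
```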


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].