× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi, Mark:

It occurs to me that, absent "read triggers" that will let you alter the data returned in the buffer, you could use RPG Special Files. The special file routine acts as an "I/O module" and it can contain whatever logic is required to access the "real" table or file, and can decrypt fields, etc.
Once you plug in the "special file" the rest of your RPG application logic remains essentially the same.

One special file program (routine) can be used by as many "client" RPG programs as needed, to access tables or files with built-in decryption.

The special file routine can of course also check the current job userID to ensure they are authorized to the data, etc.

Mark

> M. Lazarus wrote:
Mark,

No, it would not defeat the purpose of the encryption at all. Since it's a trigger I would have the option of adding my application logic to allow only those authorized.

Also, if the tape containing the DB file disappears, the raw data is still encrypted.

It would be a *vast* improvement over what we have now. Currently, the file format must change. Therefore, in some way, the application must change. A read trigger would allow me to keep the same file format by separating the encrypted field(s) into another file and the trigger would decrypt the data if allowed and would map the decrypted data (or even some error text!) back to the triggering program's input buffer. The original application need have no knowledge that anything different happened since encryption was implemented.

I don't really understand why IBM imposed this limitation.

-mark


At 3/26/08 09:56 AM, you wrote:
But that would totally defeat the purpose of encrypting the data in
certain fields, wouldn't it? Once such a "read trigger" was in place, if
it could decrypt the data and return that data in the buffer, then any
program that accesses (reads) the file (even DSPPFM, etc.) would then
see the unencrypted data! :-o

> M. Lazarus wrote:
Bruce,

Are there any plans that you know of to allow changing a read
trigger buffer? This limitation is a *major* barrier to retrofitting
encryption onto existing databases.

-mark


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.