× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. March 2008

Re: _cipher API vs Qc3Encrypt/Qc3DecryptData vs SQL

Mark,

Not a bad idea, although it has its limitations. One of them is that it still requires application changes. Another is that it applies on a program by program basis, so any access outside of the RPG program would not have the functionality.

-mark


At 3/27/08 09:29 AM, you wrote:
Hi, Mark:

It occurs to me that, absent "read triggers" that will let you alter the
data returned in the buffer, you could use RPG Special Files. The
special file routine acts as an "I/O module" and it can contain whatever
logic is required to access the "real" table or file, and can decrypt
fields, etc.

Once you plug in the "special file" the rest of your RPG application
logic remains essentially the same.

One special file program (routine) can be used by as many "client" RPG
programs as needed, to access tables or files with built-in decryption.

The special file routine can of course also check the current job userID
to ensure they are authorized to the data, etc.

Mark

> M. Lazarus wrote:
> Mark,
>
> No, it would not defeat the purpose of the encryption at
> all. Since it's a trigger I would have the option of adding my
> application logic to allow only those authorized.
>
> Also, if the tape containing the DB file disappears, the raw data
> is still encrypted.
>
> It would be a *vast* improvement over what we have now. Currently,
> the file format must change. Therefore, in some way, the application
> must change. A read trigger would allow me to keep the same file
> format by separating the encrypted field(s) into another file and the
> trigger would decrypt the data if allowed and would map the decrypted
> data (or even some error text!) back to the triggering program's
> input buffer. The original application need have no knowledge that
> anything different happened since encryption was implemented.
>
> I don't really understand why IBM imposed this limitation.
>
> -mark
>
>
> At 3/26/08 09:56 AM, you wrote:
>
>> But that would totally defeat the purpose of encrypting the data in
>> certain fields, wouldn't it? Once such a "read trigger" was in place, if
>> it could decrypt the data and return that data in the buffer, then any
>> program that accesses (reads) the file (even DSPPFM, etc.) would then
>> see the unencrypted data! :-o
>>
>> > M. Lazarus wrote:
>>
>>> Bruce,
>>>
>>> Are there any plans that you know of to allow changing a read
>>> trigger buffer? This limitation is a *major* barrier to retrofitting
>>> encryption onto existing databases.
>>>
>>> -mark
>>>
>
>
--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.