From: Asphalt Blazer on
Hi,
I would like to use AUTHENTICATION=DATA_ENCRYPT parameter on my
database for increased security. But I cannot find any in depth
articles about it on the internet. I would like to know about the
following:

1. If the data (SQL) is encrypted, will dynamic SQL snaphots show the
SQL or does it show it in an encrypted format? Or is there a setting
that needs to be done?

2. If type 4 drivers are used by the clients and they do not catalog
the databases on the clients, will they be automatically using
DATA_ENCRYPT or will it default to SERVER. Also, when using
DATA_ENCRYPT, does the database need to be cataloged on the client
even when using Type 4 drivers?

3. Are there any issues that this group has encountered regarding
using DATA_ENCRYPT.

From: John on
On Feb 16, 10:24 am, Asphalt Blazer <asphaltbla...(a)gmail.com> wrote:
> Hi,
>      I would like to use AUTHENTICATION=DATA_ENCRYPT parameter on my
> database for increased security. But I cannot find any in depth
> articles about it on the internet. I would like to know about the
> following:
>
> 1. If the data (SQL) is encrypted, will dynamic SQL snaphots show the
> SQL or does it show it in an encrypted format? Or is there a setting
> that needs to be done?
>
> 2. If type 4 drivers are used by the clients and they do not catalog
> the databases on the clients, will they be automatically using
> DATA_ENCRYPT or will it default to SERVER. Also, when using
> DATA_ENCRYPT, does the database need to be cataloged on the client
> even when using Type 4 drivers?
>
> 3. Are there any issues that this group has encountered regarding
> using DATA_ENCRYPT.

Try this link...

http://lmgtfy.com/?q=db2+data+encryption+and+security+data_encrypt
From: Asphalt Blazer on
On Feb 22, 11:55 am, John <jgleip...(a)gmail.com> wrote:
> On Feb 16, 10:24 am, Asphalt Blazer <asphaltbla...(a)gmail.com> wrote:
>
>
>
> > Hi,
> >      I would like to use AUTHENTICATION=DATA_ENCRYPT parameter on my
> > database for increased security. But I cannot find any in depth
> > articles about it on the internet. I would like to know about the
> > following:
>
> > 1. If the data (SQL) is encrypted, will dynamic SQL snaphots show the
> > SQL or does it show it in an encrypted format? Or is there a setting
> > that needs to be done?
>
> > 2. If type 4 drivers are used by the clients and they do not catalog
> > the databases on the clients, will they be automatically using
> > DATA_ENCRYPT or will it default to SERVER. Also, when using
> > DATA_ENCRYPT, does the database need to be cataloged on the client
> > even when using Type 4 drivers?
>
> > 3. Are there any issues that this group has encountered regarding
> > using DATA_ENCRYPT.
>
> Try this link...
>
> http://lmgtfy.com/?q=db2+data+encryption+and+security+data_encrypt

Thank You John.
But with all due respect, if I could use google and get the answers to
my questions, then I needn't have spent time asking questions here.
Obviously I have searched before I posed the questions here.

As I said in my previous email, I could not find any in depth
articles. If I am wrong and you have a link to a specific article,
please feel free to post the link.
From: Ian on
On 2/16/10 10:24 AM, Asphalt Blazer wrote:
> Hi,
> I would like to use AUTHENTICATION=DATA_ENCRYPT parameter on my
> database for increased security. But I cannot find any in depth
> articles about it on the internet. I would like to know about the
> following:
>
> 1. If the data (SQL) is encrypted, will dynamic SQL snaphots show the
> SQL or does it show it in an encrypted format? Or is there a setting
> that needs to be done?

No. DATA_ENCRYPT encrypts communication on the wire between client and
server. The idea is to prevent someone from inspecting TCP/IP packets
coming down the wire. Nothing else. My understanding (although I could
be wrong) is that the encryption is fairly weak -- and this is one of
the reasons why SSL is now supported.

SQL snapshots are not encrypted, ever. If they contain proprietary
information, you need to control access to the snapshot facility.


> 2. If type 4 drivers are used by the clients and they do not catalog
> the databases on the clients, will they be automatically using
> DATA_ENCRYPT or will it default to SERVER. Also, when using
> DATA_ENCRYPT, does the database need to be cataloged on the client
> even when using Type 4 drivers?

When a DB2 client connects to the DB2 server, it "talks" with the server
to decide how to communicate. If both client and server have been
configured in the same manner (i.e. AUTHENTICATION = DATA_ENCRYPT on
the server and the client is aware of this ahead of time) then
everything is simple. If the client does not know what the server's
AUTHENTICATION parameter is set to, the client and server negotiate
to get the value of AUTHENTICATION.