ENCRYPTION - Basic Teradata Query

Basic Teradata Query Reference

Basic Teradata Query
May 2017
English (United States)
Product Category: Teradata Tools and Utilities


The SET ENCRYPTION command toggles request-level Full-Stream Encryption ON or OFF. The initial value for the setting is based on the value of the data_encryption entry in CLI's clispb.dat file. When the command is used with neither ON nor OFF specified, BTEQ sets ENCRYPTION to ON.

Choosing which requests are encrypted and which are sent in clear text format is important because encryption can be an expensive task for processor resources and elapsed time.

If the ERRORLEVEL command has not been used, its value is ON by default.


where the following is true:

ON
    Encryption is turned on.
OFF
    Encryption is turned off.

Usage Notes

If a client application is configured to encrypt a request, the response to that request is also encrypted. This function is important to BTEQ users transferring client-side files to servers to create User-Defined Functions, Types, or Stored Procedures. Turning ON encryption for these requests helps prevent a “man in the middle” scenario in which a network interloper can concentrate his or her efforts on specific transmissions based on the contents of the corresponding request or response.

Since BTEQ does not parse SQL, users, particularly those performing DBA tasks, should use encryption whenever SQL requests are submitted that could otherwise inadvertently disclose a password.
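Because BTEQ itself will not notice a password inside a request, a script review can do it instead. The following is an added example, not Teradata code: a small Python audit that tracks the ENCRYPTION setting through a BTEQ script and reports password-bearing requests that would be sent while it is OFF. It assumes the dot-prefixed command form, requests that end with a semicolon at end of line, and a `PASSWORD =` heuristic; `audit`, `initial_on` and the sample script are hypothetical names and constructed input.

```python
import re

# Dot-prefixed command form, e.g. ".SET ENCRYPTION ON" or ".SET ENCRYPTION"
SET_ENC = re.compile(r"^\s*\.SET\s+ENCRYPTION\b\s*(ON|OFF)?\s*;?\s*$", re.I)
# Heuristic for requests that carry a password (CREATE/MODIFY USER ... PASSWORD = ...)
PASSWORD = re.compile(r"\bPASSWORD\s*=", re.I)


def audit(script, initial_on=False):
    """Return (line_no, request) for each SQL request containing a password
    that would be sent while ENCRYPTION is OFF.

    initial_on stands in for the clispb.dat data_encryption entry.
    """
    encrypting = initial_on
    findings = []
    request, start = [], None
    for no, line in enumerate(script.splitlines(), 1):
        m = SET_ENC.match(line)
        if m and not request:
            # Neither ON nor OFF specified: BTEQ sets ENCRYPTION to ON.
            encrypting = (m.group(1) or "ON").upper() == "ON"
            continue
        if not request and (not line.strip() or line.lstrip().startswith(".")):
            continue  # blank line or some other BTEQ command
        if not request:
            start = no  # first line of a (possibly multi-line) request
        request.append(line.strip())
        if line.rstrip().endswith(";"):
            sql = " ".join(request)
            if not encrypting and PASSWORD.search(sql):
                findings.append((start, sql))
            request = []
    return findings


# Constructed sample script (not from the Teradata documentation).
SAMPLE = """\
.SET ENCRYPTION OFF
SELECT DATE;
MODIFY USER etl_batch AS
  PASSWORD = placeholder_pw;
.SET ENCRYPTION
CREATE USER report_ro AS PERM = 0, PASSWORD = placeholder_pw2;
.SET ENCRYPTION OFF
SELECT COUNT(*) FROM dbc.tablesv;
"""

if __name__ == "__main__":
    for line_no, sql in audit(SAMPLE):
        print(f"line {line_no}: password sent without encryption: {sql}")
```

Only the MODIFY USER request is reported; the CREATE USER request follows a bare `.SET ENCRYPTION`, which turns encryption ON.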

BTEQ automatically enables encryption for one specific interactive mode logon scenario. If BTEQ detects that the DBS has returned notification that the user's password has expired, it prompts for a new password so that it can construct and submit a MODIFY USER statement for the user. The password update request is encrypted. BTEQ then goes back to using the pre-existing ENCRYPTION setting.