ENCRYPTION - Basic Teradata Query

Basic Teradata Query Reference

Product
Basic Teradata Query
Release Number
16.20
Published
October 2018
Language
English (United States)
Last Update
2020-02-20
dita:mapPath
kil1527114222313.ditamap
dita:ditavalPath
Audience_PDF_include.ditaval
dita:id
B035-2414
lifecycle
previous
Product Category
Teradata Tools and Utilities

Purpose

This control enables users to specify full-stream encryption of requests and responses is to be used at the request-level. The initial value for the setting is based on the value of CLI's clispb.dat file data_encryption entry.

When the command is used with neither ON or OFF specified, BTEQ sets ENCRYPTION to ON.

Choosing which requests are encrypted and which are sent in clear text format is important because encryption can be an expensive task for processor resources and elapsed time.

Syntax



where the following is true:

ON
Encryption is turned on.
OFF
Encryption is turned off.

Usage Notes

If a client application is configured to encrypt a request, the response to that request is also encrypted. This function is important to BTEQ users transferring client-side files to servers to create User defined Functions, Types, or Stored Procedures. Turning ON encryption for these requests helps prevent a “man in the middle” scenario in which a network interloper can concentrate his or her efforts on specific transmissions based on the contents of the corresponding request or response.

Since BTEQ does not parse SQL, users, particularly those performing DBA tasks, should use encryption whenever SQL requests are submitted that could otherwise inadvertently disclose a password.

BTEQ automatically enables encryption for one specific interactive mode logon scenario. If BTEQ has detected that the DBS returned notification that the user's password has expired, a prompt is given to enter a new password so that BTEQ can construct and submit a MODIFY USER statement for the user. The password update request is encrypted. BTEQ then goes back to using the pre-existing ENCRYPTION setting.