Purpose
This control enables users to specify full-stream encryption of requests and responses is to be used at the request-level. The initial value for the setting is based on the value of CLI's clispb.dat file data_encryption entry.
When the command is used and neither ON nor OFF specified, BTEQ sets ENCRYPTION to ON.
Choosing which requests are encrypted and which are sent in clear text format is important because encryption can be an expensive task for processor resources and elapsed time.
Syntax
| Command | Shorthand |
|---|---|
| ENCRYPTION | EN |
where the following is true:
- ON
- Encryption is turned on.
- OFF
- Encryption is turned off.
Usage Notes
If a client application is configured to encrypt a request, the response to that request is also encrypted. This function is important to BTEQ users transferring client-side files to servers to create User defined Functions, Types, or Stored Procedures. Turning ON encryption for these requests helps prevent a “man in the middle” scenario in which a network interloper can concentrate his or her efforts on specific transmissions based on the contents of the corresponding request or response.
Since BTEQ does not parse SQL, users, particularly those performing DBA tasks, should use encryption whenever SQL requests are submitted that could otherwise inadvertently disclose a password.
BTEQ automatically enables encryption for one specific interactive mode logon scenario. If BTEQ has detected that the database returned notification that the user's password has expired, a prompt is given to enter a new password so that BTEQ can construct and submit a MODIFY USER statement for the user. The password update request is encrypted. BTEQ then goes back to using the pre-existing ENCRYPTION setting.
The DEFAULTS command does not affect ENCRYPTION setting.
The ENCRYPTION command is valid in an SQL macro.