Data Encryption
Usage Notes
The Data Encryption field specifies whether or not the messages to and from the Teradata Database for the given request on the given session are to be encrypted. The session encryption process, which could be more accurately described as “Network Traffic Encryption,” provides for user‑enabled full session encryption, including SQL and Data requests and responses.
Language |
Variable Name |
COBOL: |
DBCAREA‑MSG‑SECURITY |
C: DBCAREA.H: |
data_encryption |
Routine |
Action Taken |
DBCHINI: |
writes |
DBCHCL: |
reads (CON; RSUP: IRQ) |
Used by |
Action Taken |
application program |
writes |
Data Encryption is initialized by DBCHINI to the default value provided for Data Encryption in the site’s SPB.
If the value provided is not appropriate for the application, before calling DBCHCL for the Connect, Run Startup, or Initiate Request function, the application program may set:
Users have no control over encryption of the connect (logon) messages. If the GSS or the SSO flags are turned on at the database/Gateway, connect messages will automatically be encrypted. Encryption of all other messages is controlled through the Data Encryption field. For more information on database/Gateway flags, refer to the Gateway Control Utility documentation.
If Data Encryption is Y, messages to the database computer are encrypted before they are placed on the network and decrypted when they reach the database computer, and messages from the database computer are encrypted before they are placed on the network and decrypted when they reach the network‑attached system.
Encryption and decryption take time. It is the application programmer’s responsibility to determine whether any particular request requires encryption. Some applications and sites may not require anything to be encrypted, some may require everything to be encrypted, and some may require selective encryption, for instance, encryption when text contains a password.