Considerations for certain passwords being sent as clear text

 

Although the i5/OS^® operating system supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD.

See the Add Relational Database Directory Entry command and the Change Relational Database Directory Entry command in Working with the relational database directory for more information.

If the system to which the connection is made allows the *USRIDPWD security option, the connection password can flow unencrypted. The SQL SET ENCRYPTION PASSWORD statement and the ENCRYPT function can also cause passwords to flow over the network unencrypted. Currently, there are two possible solutions for encrypting datastreams. One is to use IPSec. As the other possibility, if you are using an AR that supports SSL, you can use that protocol to encrypt data transmitted to and from an i5/OS AS.

 

Parent topic:

Elements of security in a TCP/IP network

 

Related concepts

Internet Protocol Security Architecture for DDM and DRDA

 

Related reference

Working with the relational database directory
SET ENCRYPTION PASSWORD statement