Considerations for certain passwords being sent as clear text
Although the i5/OS® operating system supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD.
See the Add Relational Database Directory Entry command and the Change Relational Database Directory Entry command in Working with the relational database directory for more information.
If the system to which the connection is made allows the *USRIDPWD security option, the connection password can flow unencrypted. The SQL SET ENCRYPTION PASSWORD statement and the ENCRYPT function can also cause passwords to flow over the network unencrypted. Currently, there are two possible solutions for encrypting datastreams. One is to use IPSec. As the other possibility, if you are using an AR that supports SSL, you can use that protocol to encrypt data transmitted to and from an i5/OS AS.
Parent topic:
Elements of security in a TCP/IP network
Related concepts
Internet Protocol Security Architecture for DDM and DRDA
Related reference
Working with the relational database directory
SET ENCRYPTION PASSWORD statement