Is anyone using this feature? If so what are your experiences, any pitfalls?



Regards

Colin


There are 10 types of people in the world, those that understand binary andthose that don't


__________________________________________________ _______________
Feel like a local wherever you go.
http://www.backofmyhand.com

I am assuming that you are talking about Encryption CSM (ENCCSM)

Nothing in particular.. but if you just want to encrypt just the password
you can use the other CSM, Simple Password CSM
(This will save the overhead of encrypting everything)
Also, there are four modes for each cipher.. ECB mode is very weak, so
preferably don't use that.
Use the same Mackey file at both ends.

Manoj




Colin Dawson
<cjd_1955@hotmail
.com> To
Sent by: <informix-list (AT) iiug (DOT) org>
informix-list-bou cc
nces (AT) iiug (DOT) org
Subject
IDS10 and Encryption
10/09/2007 09:20
AM


Please respond to
colin@colindawson
.com







Is anyone using this feature? If so what are your experiences, any
pitfalls?



Regards

Colin


There are 10 types of people in the world, those that understand binaryand
those that don't


__________________________________________________ _______________
Feel like a local wherever you go.
http://www.backofmyhand.com
_______________________________________________
Informix-list mailing list
Informix-list (AT) iiug (DOT) org
http://www.iiug.org/mailman/listinfo/informix-list

I'm looking into using column level encryption and was wanting any info on what people have done in that area


Regards

Colin


There are 10 types of people in the world, those that understand binary andthose that don't




________________________________
Subject: Re: IDS10 and Encryption
To: colin (AT) colindawson (DOT) com
From: manojm (AT) us (DOT) ibm.com
Date: Tue, 9 Oct 2007 09:26:53 -0500
CC: informix-list-bounces (AT) iiug (DOT) org; informix-list (AT) iiug (DOT) org


I am assuming that you are talking about Encryption CSM (ENCCSM)

Nothing in particular.. but if you just want to encrypt just the password you can use the other CSM, Simple Password CSM
(This will save the overhead of encrypting everything)
Also, there are four modes for each cipher.. ECB mode is very weak, so preferably don't use that.
Use the same Mackey file at both ends.

Manoj


__________________________________________________ _______________
Celeb spotting – Play CelebMashup and win cool prizes
https://www.celebmashup.com

On 9 Okt, 16:20, Colin Dawson <cjd_1... (AT) hotmail (DOT) com> wrote:
We are using column encryption in 10.00.FC6. Has worked as it should,
no problems. There is of course a price to pay in performance, in our
case it was not a problem. You also have to be aware of the problem
that the data expands when it is encrypted and may not fit into the
assigned space, if so there is no warning, you will lose data.


Regards

Ulf

ENSSSM?

Is that the AES or 3DES encryption in the engine?
(Sorry I know the feature, not the buzz words. ;-)

Yes, I'm using it.

I have a client where I needed to authenticate the user so that I could
limit what they saw and limit others from seeing their work. (Its a sales
force automation tool). Also managers can see what their team(s) are doing.

So I built a security/authentication table. I did field level encryption
(AES) where the user's password was encrypted with the password as the key.
(simple and very effective.) If the user forgot their password or needed to
be locked out of the app, the administrator or her manager could lock that
person out. (Permission based).

Very effective.

The only major drawback to using encryption is that you can't index on the
column. (Unless you want to go in to writing your own index type and
overload the column type ... ;-)

What was your intended app?

-G



__________________________________________________ _______________
Boo!*Scare away worms, viruses and so much more! Try Windows Live OneCare
http://onecare.live.com/standard/en-...wl_hotmailnews

Sorry to confuse you.. I was refering to Encryption over the wire
functionality but now I get it.. you are talking about "Column Level
Encryption".

If I remember correctly... you need to allocate enough space for storing
the encrypted columns.
Also, one needs to create explicit casts when dealing with extended types
like collections, row etc.

Manoj



"Ian Michael
Gumby"
<im_gumby@hotmail To
.com> Manoj Mohan/Lenexa/IBM@IBMUS,
colin (AT) colindawson (DOT) com
10/10/2007 07:11 cc
AM informix-list-bounces (AT) iiug (DOT) org,
informix-list (AT) iiug (DOT) org
Subject
Re: IDS10 and Encryption











ENSSSM?

Is that the AES or 3DES encryption in the engine?
(Sorry I know the feature, not the buzz words. ;-)

Yes, I'm using it.

I have a client where I needed to authenticate the user so that I could
limit what they saw and limit others from seeing their work. (Its a sales
force automation tool). Also managers can see what their team(s) are doing.

So I built a security/authentication table. I did field level encryption
(AES) where the user's password was encrypted with the password as the key.

(simple and very effective.) If the user forgot their password or needed to

be locked out of the app, the administrator or her manager could lock that
person out. (Permission based).

Very effective.

The only major drawback to using encryption is that you can't index on the
column. (Unless you want to go in to writing your own index type and
overload the column type ... ;-)

What was your intended app?

-G



__________________________________________________ _______________
Boo!*Scare away worms, viruses and so much more! Try Windows Live OneCare
http://onecare.live.com/standard/en-...wl_hotmailnews

I'm currently running 9.40.FC8 and will be upgrading to 10.00.FC5 soon, we are about to write an encryption program(s) for financial / personal customer data and was wondering if anyone had done something similar using the built-in encryption


Regards Colin There are 10 types of people in the world, those that understand binary and those that don't > From: im_gumby (AT) hotmail (DOT) com> To: manojm (AT) us (DOT) .ibm.com; colin (AT) colindawson (DOT) com> Subject: Re: IDS10 and Encryption> Date: Wed, 10 Oct 2007 12:11:46 +0000> CC: informix-list (AT) iiug (DOT) org; informix-list-bounces (AT) iiug (DOT) org> > > ENSSSM?> > Is that the AES or 3DES encryption in the engine?> (Sorry I know the feature, not the buzz words. ;-)> > Yes, I'm using it.> > I have a client where I needed to authenticate the user so that I could > limit what they saw and limit others from seeing their work. (Its asales > force automation tool). Also managers can see what their team(s) are doing.> > So I built a security/authentication table. I did field level encryption > (AES) where the user's password was encrypted with the password as the key. > (simple and very effective.) If the user forgot their password or needed to > be locked out of the app, the administrator or her manager could lock that > person out. (Permission based).> > Very effective.> > The only major drawback to using encryption is that you can't index on the > column. (Unless you want to go in to writing your own index type and > overload the column type ... ;-)> > What was your intended app?> > -G> > > >From: Manoj Mohan <manojm (AT) us (DOT) ibm.com>> >To: colin (AT) colindawson (DOT) com> >CC: informix-list-bounces (AT) iiug (DOT) org, informix-list (AT) iiug (DOT) org> >Subject: Re: IDS10 andEncryption> > >> >I am assuming that you are talking about Encryption CSM (ENCCSM)> >> >Nothing in particular.. but if you just want to encrypt just the password> >you can use the other CSM, Simple Password CSM> >(This will save the overhead of encrypting everything)> >Also, there are four modes for each cipher.. ECB mode is very weak, so> >preferably don't use that.> >Use the same Mackey file at both ends.> >> >Manoj> >> >> >> >> > Colin Dawson> > <cjd_1955@hotmail> > .com> To> > Sent by: <informix-list (AT) iiug (DOT) org>> > informix-list-bou cc> > nces (AT) iiug (DOT) org> > Subject> > IDS10 and Encryption> > 10/09/2007 09:20> > AM> >> >> > Please respond to> > colin@colindawson> > .com> >> >> >> >> >> >> >> >Is anyone using this feature? If so what are your experiences, any> >pitfalls?> >> >> >> >Regards> >> >Colin> >> >> >There are 10 types of people in the world, those that understand binary and> >those that don't> >> >> >_________________________________________________ ________________> >Feel like a local wherever you go.> >http://www.backofmyhand..com> >_______________________________________________ > >Informix-list mailing list> >Informix-list (AT) iiug (DOT) org> >http://www.iiug.org/mailman/listinfo/informix-list> ><< graycol.gif >>> ><< pic01886.gif >>> ><< ecblank.gif >>> >> >_______________________________________________ > >Informix-list mailinglist> >Informix-list (AT) iiug (DOT) org> >http://www.iiug.org/mailman/listinfo/informix-list> > __________________________________________________ _______________> Boo! Scare away worms, viruses and so much more! Try Windows Live OneCare > http://onecare.live.com/standard/en-us/purchase/trial.aspx?s_cid=wl_hotmailnews>
__________________________________________________ _______________
100’s of Music vouchers to be won with MSN Music
https://www.musicmashup.co.uk