Tom Brennan writes:

>Maybe someone can tell me what difference it makes whether the data was
>encrypted on disk or not (as some news reports are talking about). I
>mean, if I do a SELECT * from an admin id I must be going through the
>decrypt process, right?

No, that's not a given. Many financial transaction systems -- handling credit and debit cards, for example -- store sensitive information using various hash functions. (The new IBM z13 includes a new format-preserving encryption standard that's quite handy.)

There's also the fact administrative IDs typically shouldn't be allowed to do SELECT * -- and then SELECT * isn't actually SELECT-the-entire-database when you're using MLS. In a reasonably well run shop (or better) DB2 DBAs don't actually get end user data access authority. I can't remember what version of DB2 introduced the more strict role-based separation, but I think it was at least as far back as DB2 Version 8.

I'm assuming customers use IBM mainframes and use these wonderful capabilities (and others) IBM provides. Big assumptions, sadly violated too often.

--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: [email protected]
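
The two points in the reply above (card data stored as one-way digests, and SELECT * limited by row labels), as an added example that is not part of the original message. Python's sqlite3 stands in for DB2; the key, label hierarchy and card numbers are constructed, and the row filtering that MLS would enforce inside the DBMS is simulated in the query function.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. Assumption: the real key sits in an HSM or key store
# that database administrators cannot read.
DIGEST_KEY = b"constructed-demo-key"
# Hypothetical label hierarchy standing in for MLS security labels.
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "RESTRICTED": 2}
# Constructed sample rows: (holder, test card number, row label).
SAMPLE = [
    ("Alice", "4111111111111111", "INTERNAL"),
    ("Bob", "5500005555555559", "RESTRICTED"),
    ("Carol", "340000000000009", "PUBLIC"),
]

def pan_digest(pan):
    """Keyed one-way digest of a card number. Nothing here can be decrypted.
    A key is used because a bare hash of a 16-digit number is guessable."""
    return hmac.new(DIGEST_KEY, pan.encode(), hashlib.sha256).hexdigest()

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (holder TEXT, pan_digest TEXT, last4 TEXT, seclabel TEXT)")
    for holder, pan, label in SAMPLE:
        db.execute("INSERT INTO cards VALUES (?, ?, ?, ?)",
                   (holder, pan_digest(pan), pan[-4:], label))
    return db

def select_all(db, session_label):
    """What SELECT * returns to a session: rows labelled above it are dropped.
    A real MLS setup enforces this in the DBMS; here it is simulated."""
    visible = [name for name, rank in LEVELS.items() if rank <= LEVELS[session_label]]
    marks = ",".join("?" * len(visible))
    query = f"SELECT * FROM cards WHERE seclabel IN ({marks}) ORDER BY holder"
    return db.execute(query, visible).fetchall()

def card_on_file(db, pan):
    """Authorised lookup: recompute the digest and compare, never decrypt."""
    row = db.execute("SELECT 1 FROM cards WHERE pan_digest = ?", (pan_digest(pan),)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = build_db()
    for label in LEVELS:
        print(label, [(r[0], r[2], r[3]) for r in select_all(db, label)])
    print("on file:", card_on_file(db, "4111111111111111"))
```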
