Field Encryption on the IBM i just got easier.
SQL Field Procedures are a new DB2 feature in version 7.1 that allows a user-specified "exit" program to be called whenever data is read from, inserted into, or updated in a field (column). This is somewhat similar to database column triggers; however there are two distinct advantages:
- Field Procedures allow data to be modified on a Read operation, which allows the exit program to automatically decrypt the field value before it is returned to the customer's application.
- Field Procedures provide a separate internal space to store the encrypted version of the field value. This allows organizations to encrypt numeric fields such as packed decimal, signed decimal and integer data types without having to store the encrypted values in a separate file.
We're excited about Field Procedures since it will allow customers to implement column-level encryption on the IBM i without modifying their applications. This is especially important if a customer is running a canned application and/or does not want to modify their source code.