DB2 Field Procedures (FieldProcs) were introduced in IBM i version 7.1 primarily to help simplify field encryption projects. A FieldProc can be placed on almost any DB2 database field including alphanumeric, packed decimal, zoned decimal, signed numeric, date and time fields. FieldProcs offer two distinct advantages over database triggers:
- FieldProcs allow data to be modified (by the exit program) on a “read” operation. This will allow the exit program to automatically decrypt the field value before it is returned to the user or application. No application changes are therefore needed to decrypt the data, which can dramatically reduce the implementation time for field-level encryption.
- FieldProcs allow the the ‘encoded’ (encrypted) version of the field values to be stored within the existing file. This allows you to encrypt non-alpha field types (e.g. numeric, date, time) without having to store the encrypted values in a separate file.
While IBM provided this “hook” into the database with FieldProcs, they have left it up to the customer or third-party solutions like Powertech Encryption for IBM i to create the FieldProc programs and perform the encryption/decryption functions.
Powertech Encryption for IBM i simplifies the creation and management of FieldProcs through its innovative Field Encryption Registry commands and screens. It encrypts and decrypts the field values (within the FieldProcs) while providing full integration to Powertech Encryption for IBM i’s policy and security controls, key management and audit trails for meeting strict compliance requirements.
Based on authorization lists assigned to the fields, users can be granted access to the fully decrypted field values, restricted to the masked values or can be denied access to any values.
Powertech Encryption for IBM i makes IBM i database encryption quick and easy. Get a free trial to see for yourself.