Session and Command-level On-demand Encryption in SAP Adaptive Server Enterprise
SAP ASE comes with several encryption options allowing you to comply with your security requirements. This blog will cover session and command level on-demand encryption for SAP ASE server.
On-demand Encryption
On-demand encryption allows you to issue encrypted commands and system procedures as needed, for a full isql
session, and on an ad hoc basis for individual commands containing sensitive data.
Session-Level Encryption
Encrypt all of your commands in a session using the --command_encryption
or --conceal
command-line options.
In this example, the guest login encrypts the entire isql
session.
isql -Uguest -P<password> -Smyase --command_encryption
Additionally, specifying the --conceal
command-line option hides and encrypts your input during the isql
session.
isql -Uguest -P<password> -Smyase --conceal
Note: Use --command_encryption
when the isql
session contains sensitive data. Use --conceal
when you enter visually sensitive data (for example, passwords).
Command-Level Encryption
You can encrypt individual commands by adding encrypt
to the go
command terminator for isql
. Note that only the particular command will be encrypted; no subsequent commands are encrypted unless you have added encrypt
.
For example, this encrypted command modifies the password for a login from “master” to “password123”:
alter login test with password 'master' modify password 'password123' go encrypt
Using the @@prev_batch_encrypted variable to get the status of command encryption
You can use the <@@prev_batch_encrypted>
global variable to find out whether your previously executed commands were sent encrypted.
This global variable checks the encryption status of the most recently executed batch of commands in the current user session. A return of 0
indicates that the server received the command as plain text; a return of 1
indicates that the commands were received encrypted.
For more information, see documentation for SAP Adaptive Enterprise version 16.0 SP03 PL03 on the SAP Help Portal.