Skip to Content
Author's profile photo Utpal Bhatt
Utpal Bhatt
April 2, 2018 1 minute read

Session and Command-level On-demand Encryption in SAP Adaptive Server Enterprise

SAP ASE comes with several encryption options allowing you to comply with your security requirements. This blog will cover session and command level on-demand encryption for SAP ASE server.

On-demand Encryption

On-demand encryption allows you to issue encrypted commands and system procedures as needed, for a full isql session, and on an ad hoc basis for individual commands containing sensitive data.

Session-Level Encryption

Encrypt all of your commands in a session using the --command_encryption or --conceal command-line options.

In this example, the guest login encrypts the entire isql session.

isql -Uguest -P<password> -Smyase --command_encryption

Additionally, specifying the --conceal command-line option hides and encrypts your input during the isql session.

isql -Uguest -P<password> -Smyase --conceal

Note: Use  --command_encryption when the isql session contains sensitive data. Use --conceal when you enter visually sensitive data (for example, passwords).

Command-Level Encryption

You can encrypt individual commands by adding encrypt to the go command terminator for isql. Note that only the particular command will be encrypted; no subsequent commands are encrypted unless you have added encrypt.

For example, this encrypted command modifies the password for a login from “master” to “password123”:

alter login test with password 'master' modify password 'password123'
go encrypt

Using the @@prev_batch_encrypted variable to get the status of command encryption

You can use the <@@prev_batch_encrypted> global variable to find out whether your previously executed commands were sent encrypted.
This global variable checks the encryption status of the most recently executed batch of commands in the current user session. A return of 0 indicates that the server received the command as plain text; a return of 1 indicates that the commands were received encrypted.

For more information, see documentation for SAP Adaptive Enterprise version 16.0 SP03 PL03 on the SAP Help Portal.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.