Data encryption in DB2 database?

If a person has direct access to the database then they could read the
data written by Jazz.

I'm not sure if encrypting the data would help much, because (presuming
they had the ability to get DB access in the first place), they could
likely get the information required to decrypt the data as well.

yanli wrote:

In the backend database of Jazz repositiry (e.g. a DB2 database), the
data is not encrypted (except the user password). That means a
person can read all data in the database as long as he/she finds the
right database logon ID and password. Is this true? Thanks.

I have a client that thinks their project data is highly sensitive. The question that they want to know is something like this: DB2 database can be backed up on tapes - what if the tape is lost - is there another layer of security protection besides the DB2 login ID and password? At this moment, the project data is wide open as long as someone has the db backup and the db admin account/password.

On Wed, 30 Jul 2008 02:07:51 +0000, yanli wrote:

I have a client that thinks their project data is highly sensitive. The
question that they want to know is something like this: DB2 database can
be backed up on tapes - what if the tape is lost - is there another
layer of security protection besides the DB2 login ID and password? At
this moment, the project data is wide open as long as someone has the db
backup and the db admin account/password.

You could use FS encryption to encrypt the tape.

- Dmitry

Hi

This is an interesting question. I am not sure RTC alone can be used to create a secure environment but there might be a way to scramble/encrypt the data on the database at the database driver level. You also have to ask if there is sufficient security when native or web clients talk to the server.

I assume your customer has this kind of problem for other applications - so they would also have levels of security/encryption around their entire infrastructure too.

anthony