Data Storage
Transparent data encryption ensures that encrypted data cannot be decrypted by anyone other than trusted database user accounts and database administrators. Transparent Data Encryption encrypts a database's private data so that it remains encrypted in every location where it is stored.
The granularity of encryption is the database storage object. You can selectively configure individual database storage objects for encryption. The database objects in which private data can be encrypted are:
* Type II storage area objects—tables, LOBs, indexes—at the object level.
* Type I storage areas—designated at the granularity of the area. This means that all tables, LOBs, and indexes in an encrypted Type I storage area are encrypted.
* AI notes files
* BI notes files
A database's private data can also be exposed to intruders outside the physical database storage. To retain data privacy (encryption) there as well, OpenEdge enables data encryption for:
* PROBKUP file sets
* OpenEdge audit data
* Intermediate data transfer files used for binary dump and load and for audit archive and load. Note that these transfer files use container security, which is different from object security and uses a different cipher than the object(s) contained in the transfer file.
Certain database objects cannot be encrypted. These restrictions are:
* Any (OpenEdge or application) table or index in the Schema area (Area 6)
* Any table or index in the Encryption area, where encryption policies are stored. Users are prevented from defining objects in the Encryption area.
* The Control area (Area 1)
* TL areas (for 2-phase commit)
For ABL and SQL clients, temporary files can contain unencrypted versions of encrypted data. Temporary files are always removed when the client exits. The -t startup parameter, which saves temporary files, is not allowed for encryption-enabled database connections: ABL clients will not start if -t is specified, and SQL clients ignore the parameter.
Note: Access to data (decrypted or never encrypted) can be restricted through the use of run time table and field permissions. For more information, see OpenEdge Deployment: Managing ABL Applications or OpenEdge Data Management: SQL Development.