Considerations for certain passwords being sent as clear text

Although the IBM® i operating system supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD.

See the Add Relational Database Directory Entry (ADDRDBDIRE) command and the Change Relational Database Directory Entry (CHGRDBDIRE) command in Working with the relational database directory for more information.

If the system to which the connection is made allows the *USRIDPWD security option, the connection password can flow unencrypted. The SQL SET ENCRYPTION PASSWORD statement and the ENCRYPT function can also cause passwords to flow over the network unencrypted. Currently, there are two possible solutions for encrypting data streams. One is to use IPSec. As the other possibility, if you are using a client that supports SSL, you can use that protocol to encrypt data transmitted to and from an IBM i server system.

Parent topic: Elements of security in a TCP/IP network
Related concepts:
Internet Protocol Security Architecture
Related reference:
Working with the relational database directory
SET ENCRYPTION PASSWORD statement