By default, the ASE ODBC Driver sends plain text passwords over the network to ASE for authentication. However, ODBC Driver also supports symmetrical and asymmetrical password encryption, and you can use this feature to change the default behavior and encrypt your password before they are sent over the network.
The symmetrical encryption mechanism uses the same key to encrypt and decrypt the password whereas an asymmetrical encryption mechanism uses one key (the public key) to encrypt the password and another key (the private key) to decrypt the password. Because the private key is not shared across the network, the asymmetrical encryption is considered more secure than symmetrical encryption. When password encryption is enabled, and the server supports asymmetric encryption, this format is used instead of symmetric encryption.
To enable password encryption, you must set the EncryptPassword connection property, which specifies whether the password is transmitted in encrypted format. When password encryption is enabled, the password is sent over the wire only after a login is negotiated; the password is first encrypted and then sent. The EncryptPassword values are:
0 – Use plain text password. This is the the default value.
1 – Use encrypted password. If it is not supported, return an error message.
2 – Use encrypted password. If it is not supported, use plain text password.
To use the password encryption feature, you require
a server that supports extended password encryption, such as ASE
15.0.2.
When using asymmetrical encryption, you may experience
a slight delay in login time due to the additional processing time
required for asymmetrical encryption.
