Adaptive Server and SQL Server versions 10.0 and later use an encrypted password handshake when the client requests it. Servers based on Open Server version 10.0 or later may also use this feature.
The client application must enable password encryption by calling ct_con_props and setting the CS_SEC_ENCRYPTION property.
Client-Library’s default encryption handler performs the password encryption required by SQL Server and Adaptive Server. Simple client applications that connect to either of these servers do not need an encryption callback.
However, Client-Library applications that act as gateways to Adaptive Server or SQL Server need to handle password encryption explicitly. These applications must install an encryption callback routine that passes the server’s encryption key to the client and returns the encrypted password back to the server. See “Password encryption in gateway applications”.
In addition, Client-Library applications that connect to an Open Server using a customized password encryption technique must install an encryption callback routine to perform the required password encryption.
For an explanation of the handshaking process for password encryption, see “Security handshaking: encrypted password”.
Do not confuse password encryption with data encryption. An encryption callback encrypts only passwords. Data encryption encrypts all commands and results sent over the connection and is performed by an external security service provider. See “Security features” for more information.