Adaptive Server Enterprise and Open Server use an encrypted password handshake when the client requests it.
The client application must enable password encryption by calling ct_con_props and setting the CS_SEC_EXTENDED_ENCRYPTION or CS_SEC_ENCRYPTION property. If an Open Client application logs onto a server with both CS_SEC_EXTENDED_ENCRYPTION and CS_SEC_ENCRYPTION set to CS_TRUE, it uses extended password encryption as the first preference.
The Client-Library default encryption handler performs the password encryption required by Adaptive Server Enterprise. Simple client applications that connect to either of these servers do not need an encryption callback. However, Client-Library applications that act as gateways to Adaptive Server Enterprise need to handle password encryption explicitly. These applications must install an encryption callback routine that passes the server’s encryption key to the client and returns the encrypted password back to the server. See “Password encryption in gateway applications”.
In addition, Client-Library applications that connect to an Open Server using a customized password encryption technique must install an encryption callback routine to perform the required password encryption.
For an explanation of the handshaking process for password encryption, see “Security handshaking: encrypted password”.
Do not confuse password encryption with data encryption. An encryption callback encrypts only passwords. Data encryption encrypts all commands and results sent over the connection and is performed by an external security service provider. See “Security features”.