I am looking for a way to create my own TDE status report, showing the encryption status of areas and objects.
I thought it might be similar to ABP status, i.e. that I would find a flag in _Area or _StorageObject that I could parse but that doesn't seem to be the case. I checked the Data Dictionary encryption report code and it seems to be using a private API to get encryption status.
The best I have managed so far is to write a program to iterate over storage areas and application objects and, for each one, shell out and run a proutil epolicy view command and pipe in the passphrase. But this command requires me to provide the keystore admin passphrase (which seems odd), whereas the Data Dictionary does not; it just requires the user to be a security administrator.
Also, this approach is sub-optimal because it exposes the passphrase in the command lines of the sub-shells (e.g. os-command silent value( substitute( "echo '&1' | proutil &2 -C epolicy view table &3 -Passphrase", v-admin-phrase, ldbname(1), _file-name ) ) ).
Is there a better way to do this? Is there an accessible schema field that indicates object encryption status, or are these statuses only in _sec-*-policy tables that are inaccessible from ABL?
Before you enabled encryption, you added a storage area. In that area there is a table that has all the encryption info for the encrypted objects: 1 or 2 rows per object.
Correct. It contains _sec-db-policy, _sec-obj-policy, and _sec-pwd-policy. I can't read them.
find first _sec-db-policy.
Unknown or ambiguous table _sec-db-policy. (725)
** Could not understand line 1. (196)
I am guessing the AVM contains a restriction to prevent those tables from being accessed.
Just for kicks, I also tried adding "-Passphrase" to my client command line, and provided the admin passphrase. The AVM still doesn't (claim to) see the table.