Hello Patrick, The sensitive data I'm referring to is not the userid/password. There's an external system that is sending to Remedy's web service sensitive data elements/content, ie. Employee ID and pin #. The transfer is SSL enabled fortunately. The problem is that it (EID and pin) ends up being written into the logs readable if mid-tier web services logging is enabled.
Thanks for your feedback. On 1/10/12, patrick zandi <[email protected]> wrote: > sensitive content: you mean userid and password in the clear? > That is the only sensitive content I know of.. > if you have SSL -- all data is encrypted from the physical host to the > physical host. > if no SSL then it is indeed: unencrypted and in the RAW. > > just asking for some clarification > > On Tue, Jan 10, 2012 at 1:46 PM, thojciv <[email protected]> wrote: > >> Hello listers, >> >> We're on ARS 7.1 patch 009, MidTier 7.1 Patch 006. >> >> I've searched through the ARSList and haven't come up with anything >> related >> to my issue. >> I've submitted an Issue with BMC and they don't have a solution. They >> advised me to search for a 3rd party utility for what I'm looking to >> achieve. >> I recieved 0 responses to my posting on BMC's discussion boards. >> So, I hope someone here can offer me some solutions or advice. >> >> Issue: >> Sensitive content is being passed into Remedy web services (an existing >> design that I now have to try and rectify). If mid-tier Web Services >> logging is enabled, the content is visible. We currently have Web Service >> logging disabled but when we need it enabled for troubleshooting, we need >> to >> have a particular data element masked/encrypted (so need to be able to >> selectively mask content if possible). >> >> Is there a 3rd party utility that anyone knows of that can integrate >> "well" >> with Remedy and accomplish this? >> Has anyone developed an in-house application that does this and is willing >> to share the code? >> Or, can someone point me to the jar file(s) that handles the midtier >> logging? >> >> I appreciate all feedback! >> -- >> View this message in context: >> http://old.nabble.com/Mask-Encrypt-Certain-Content-Captured-in-the-Mid-Tier-Logs-tp33114133p33114133.html >> Sent from the ARS (Action Request System) mailing list archive at >> Nabble.com. >> >> >> _______________________________________________________________________________ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" >> > > > > -- > Patrick Zandi > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > -- Chee Thao [email protected] _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
