Don't tried, but I think that one solution would be to encrypt sensitive information using SSL
There are command line execs that can encrypt using a predefined password. So you can use it by a set action calling the executable. I mean, encrypt the data at the source. Map the web service to a new display field. Add a filter that executes if the display only field contains info, calls the executable through a set action, and put the result in the actual field. Your log will contain the encrypted version for sensible fields. El martes 10 de enero de 2012, Chee Thao <[email protected]> escribió: > Hello Patrick, > > The sensitive data I'm referring to is not the userid/password. > There's an external system that is sending to Remedy's web service > sensitive data elements/content, ie. Employee ID and pin #. The > transfer is SSL enabled fortunately. The problem is that it (EID and > pin) ends up being written into the logs readable if mid-tier web > services logging is enabled. > > Thanks for your feedback. > > On 1/10/12, patrick zandi <[email protected]> wrote: >> sensitive content: you mean userid and password in the clear? >> That is the only sensitive content I know of.. >> if you have SSL -- all data is encrypted from the physical host to the >> physical host. >> if no SSL then it is indeed: unencrypted and in the RAW. >> >> just asking for some clarification >> >> On Tue, Jan 10, 2012 at 1:46 PM, thojciv <[email protected]> wrote: >> >>> Hello listers, >>> >>> We're on ARS 7.1 patch 009, MidTier 7.1 Patch 006. >>> >>> I've searched through the ARSList and haven't come up with anything >>> related >>> to my issue. >>> I've submitted an Issue with BMC and they don't have a solution. They >>> advised me to search for a 3rd party utility for what I'm looking to >>> achieve. >>> I recieved 0 responses to my posting on BMC's discussion boards. >>> So, I hope someone here can offer me some solutions or advice. >>> >>> Issue: >>> Sensitive content is being passed into Remedy web services (an existing >>> design that I now have to try and rectify). If mid-tier Web Services >>> logging is enabled, the content is visible. We currently have Web Service >>> logging disabled but when we need it enabled for troubleshooting, we need >>> to >>> have a particular data element masked/encrypted (so need to be able to >>> selectively mask content if possible). >>> >>> Is there a 3rd party utility that anyone knows of that can integrate >>> "well" >>> with Remedy and accomplish this? >>> Has anyone developed an in-house application that does this and is willing >>> to share the code? >>> Or, can someone point me to the jar file(s) that handles the midtier >>> logging? >>> >>> I appreciate all feedback! >>> -- >>> View this message in context: >>> http://old.nabble.com/Mask-Encrypt-Certain-Content-Captured-in-the-Mid-Tier-Logs-tp33114133p33114133.html >>> Sent from the ARS (Action Request System) mailing list archive at >>> Nabble.com. >>> >>> >>> _______________________________________________________________________________ >>> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >>> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" >>> >> >> >> >> -- >> Patrick Zandi >> >> _______________________________________________________________________________ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" >> > > > -- > Chee Thao > [email protected] > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > -- Jose M. Huerta Project Manager** Movil: 661 665 088 Telf.: 971 75 03 24**** Fax: 971 75 07 94**** <http://www.sm2baleares.es/>**** SM2 Baleares S.A. C/Rita Levi **** Edificio SM2 Parc Bit**** 07121 Palma de Mallorca**** <http://es-es.facebook.com/pages/SM2-Baleares/158608627954> <http://twitter.com/#!/SM2Baleares> <http://www.linkedin.com/company/sm2-baleares> La información contenida en este mensaje de correo electrónico es confidencial. La misma, es enviada con la intención de que únicamente sea leída por la persona(s) a la(s) que va dirigida. El acceso a este mensaje por otras personas no está autorizado, por lo que en tal caso, le rogamos que nos lo comunique por la misma vía, se abstenga de realizar copias del mensaje o remitirlo o entregarlo a otra persona y proceda a borrarlo de inmediato.**** P Por favor, no imprima este mensaje ni sus documentos adjuntos si no es necesario. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
<<image003.jpg>>
<<image001.jpg>>
<<image002.jpg>>
<<image004.jpg>>
