Forum Discussion

Nimbostratus

Oct 31, 2008

Encrypted database?

Does anyone know if the backend database that stores the learned information is encrypted? We have sensitive information going through our ASM that needs to either be x'ed out or encrypted to keep wi...

app sec

BIG-IP Access Policy Manager (APM)

security

Bill_Beverley_7

Historic F5 Account

Nov 04, 2008

Hi,

Further to Aaron's post - for PCI compliance purposes I would suggest that you configure the ASM's "Sensitive Parameters" settings (Application Security -> Policy, Advanced Tab -> Sensitive Parameters).

By assigning parameters as sensitive, their values will replaced with *'s in the log files (local and/or remote) and in the MySQL database. My understanding of the PCI auditing process is that this would remove the requirement to encryt the logs or the database columns as they no longer contain cardholder details but Aaron could probably give you a better steer on that than I.

Rgds

Bill

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)