Forum Discussion

Nimbostratus

Sep 21, 2010

irule to encrypt form submission

Hi I am trying to figure out how can i do form element encryption when logging through the F5 edge gateway. Although the login page for the APM is already on HTTPS, my auditor insist that th...

Nimbostratus

Oct 01, 2010

We must share the same auditor; failing to see the forest for the trees. Your auditor is asking for obscuration, not meaningful encryption; a determined attacker wouldn't be stymied by this at all.

With the connection already covered between APM and the browser via TLS, the transaction is encrypted, period. An attacker who would be able to decrypt the SSL session won't be stymied by a JS-delivered form field encryption -- which, by the way, would need to be provided a key within the JS method with which to encrypt it. If the user's PC or SSL session is compromised, there's no security to be gained from a clientside field encryption.

Good luck.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

irule to encrypt form submission

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Android Encrypted Databases

Cookie Encryption Across Pools and Services

SSL decryption/re-encryption w/iRule feeding into HTTPS load balance

Passphrase for cookie encryption profile

Does F5 encrypts traffic internally from a VS to another VS ?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS