Forum Discussion

Nimbostratus

Sep 21, 2010

irule to encrypt form submission

Hi I am trying to figure out how can i do form element encryption when logging through the F5 edge gateway. Although the login page for the APM is already on HTTPS, my auditor insist that th...

Nimbostratus

Oct 01, 2010

We must share the same auditor; failing to see the forest for the trees. Your auditor is asking for obscuration, not meaningful encryption; a determined attacker wouldn't be stymied by this at all.

With the connection already covered between APM and the browser via TLS, the transaction is encrypted, period. An attacker who would be able to decrypt the SSL session won't be stymied by a JS-delivered form field encryption -- which, by the way, would need to be provided a key within the JS method with which to encrypt it. If the user's PC or SSL session is compromised, there's no security to be gained from a clientside field encryption.

Good luck.

Forum Discussion

irule to encrypt form submission

Recent Discussions

dns config is not sync to standby f5 for HA cluster

URL redirect

((((((🧧🎡WHATSAPP"@ +19▽0931▽327▽90🈯👨🍳))) comprar euros falsificados elevados

(((🧧🎡 WHATSAPP”@ +19▽0931▽327▽90🈯👨🍳))) ACQUISTA EURO CONTRAFFATTI "

(((🧧🎡WHATSAPP NACHRICHTEN"@ +19▽0931▽327▽90🈯👨🍳))) KAUFEN SIE HOHE GEFÄLSCHTE EURO

Related Content

Encrypted cookies on strict uri

iRULE regsub error

Error Encrypting a SAML Assertion from APM

owa iapp assign irule

Irule Trigger two times