05-May-2021 11:06
I have attached my DataSafe profile to my virtual server but am not able to check its status. How can we verify DataSafe is working fine? Inspect with my current web doesn't display anything regarding credentials.
06-May-2021 05:53
Have you configured the URLs (perhaps a login page) and parameters (typically username and password) within the profile? Every DataSafe profile requires at least one URL to protect. If you view your application using Developer tools in your browser you should see the obfuscated JavaScript related to the protections you configured. Make sense?
06-May-2021 06:31
Hi Erik, thank you for replying back! Yes, I have configured the URL (login page), for example: /login.php... As per my understanding we do not need to mention the full URL, and I have mentioned the parameters as well. I am not able to verify... I have seen some of the videos on YouTube and did get the point, but cannot find the same details in my specific application.
06-May-2021 07:06
OK, for the parameters you added to the profile, you must have selected "Identify as Username" and/or "Encrypt" and/or "Substitute Value." DataSafe secures Document Object Model objects such as your web forms on the client side. First access your web application using Chrome, but don't log in. Turn on Developer tools, right-click on one of the protected form elements, and then select Inspect.
Then log in to your application. You should see something like document.form[0].username.value but the actual value should be obfuscated. If you see identifiable credentials in any of the fields you are inspecting, then you need to configure DataSafe to protect them.
06-May-2021 07:36
Hello Erik, thank you again for replying. I can find the username and password parameter values if I type the wrong username and password, but cannot find them once I enter the correct username and password. Should it be encrypted even if I enter the wrong username and password?
06-May-2021 08:10
If you selected encryption for each of these then yes, you should see obfuscated values. Are you using decoy forms? If so, you should be able to see these also.
06-May-2021 09:36
Hi Erik, lots of tries with no success. I do not get the Form Data once I enter the correct username and password, but with an incorrect username and password the Form Data is generated, but with no encryption.
###################URL########################
########### PARAMETERS #################################
############APPLICATION LAYER ENCRYPTION ##########
############### SSID ############################
Are login page properties mandatory?
07-May-2021 06:01
Yes, you will need to specify conditions for validating successful login. If you are using a response code, be careful with either 200 or 302 as an expected code. Very often, 200 is not accurate if the page immediately redirects a user, in which case 302 is the expected code. That's a common mistake. If you are using an explicit URL, make sure that case sensitivity is correct: /Login.php and not /login.php. For your user name parameter, make sure you selected the option "Identify as Username" in the URL Configuration section.
07-May-2021 07:34
Erik, I am getting a lower-case sensitivity error as my URL is in upper-case letters. Any solution for this?
07-May-2021 08:13
Yes. By default, DataSafe treats URLs in the URL list as case-sensitive. There is a checkbox for the option in the properties of the URL. By default, the option is not selected, and you should only select it if your app uses case-sensitive URLs. The problem is that you cannot change the settings after the anti-fraud profile is created. So to fix this problem, delete the profile and create a new one. Most likely your app is not case sensitive.
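One way to triage a login attempt copied from the browser's Network tab against the three points raised in this thread (typed credentials visible in the Form Data, URL case, expected response code). This is an added example, not part of the original posts and not F5 tooling; the function name, finding labels, host and sample captures are constructed, and it assumes you logged in with distinctive test credentials.

```python
from urllib.parse import unquote_plus, urlsplit

def check_login_capture(configured_url, request_url, post_body,
                        typed_values, expected_code, observed_code):
    """Return findings for one login attempt copied from the Network tab.

    All names here are hypothetical; nothing talks to a BIG-IP.
    typed_values maps a label to the test credential typed into the form.
    """
    findings = []

    # Protection applies to the URLs listed in the profile, so compare the
    # request path exactly first, then ignoring case (/Login.php vs /login.php).
    path = urlsplit(request_url).path
    if path != configured_url:
        same_ignoring_case = path.lower() == configured_url.lower()
        findings.append("url-case-mismatch" if same_ignoring_case
                        else "url-not-in-profile")

    # A typed credential that is still present after URL-decoding the body
    # was sent without application-layer encryption.
    decoded = unquote_plus(post_body)
    for label, typed in typed_values.items():
        if typed and typed in decoded:
            findings.append(f"cleartext-value:{label}")

    # Login validation keyed on 200 misses apps that answer a good login
    # with an immediate redirect (302).
    if observed_code != expected_code:
        findings.append(
            f"expected-code-mismatch:{expected_code}!={observed_code}")
    return findings

# Constructed captures: distinctive test credentials, made-up host.
CREDS = {"username": "canary.user", "password": "Canary!Pass42"}
UNPROTECTED = check_login_capture(
    "/Login.php", "https://app.example/login.php?next=%2Fhome",
    "username=canary.user&password=Canary%21Pass42", CREDS, 200, 302)
PROTECTED = check_login_capture(
    "/login.php", "https://app.example/login.php",
    "f7c1=9b1e6d04c2a7&e02d=5f3a7710be94", CREDS, 302, 302)

if __name__ == "__main__":
    print(UNPROTECTED)
    print(PROTECTED)
```

Use test credentials long enough that a substring match cannot occur by chance in an encrypted body.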