AdamBenoit / elmah

Automatically exported from code.google.com/p/elmah
Apache License 2.0
0 stars 0 forks source link

RAW XML encryption #218

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What new or enhanced feature are you proposing?
Is there a way elmah can encrypt the raw xml before it gets stored into the 
database? If there isn't, it will be great if it can do this because there is a 
risk of PCI data being exposed in the database. Our forensics software during 
testing/evaluation easily picked up sensitive information from the DB files.

What goal would this enhancement help you achieve?
PCI compliance.

Original issue reported on code.google.com by mithi...@gmail.com on 1 Apr 2011 at 10:33

GoogleCodeExporter commented 8 years ago
Hi there,

Sorry for the slow response.
Can you be a bit more specific about which parts of the XML contain the 
sensitive information please?

Thanks,

James

Original comment by jamesdriscoll71 on 24 Feb 2012 at 1:52

GoogleCodeExporter commented 8 years ago
We solved this issue by explicitly marking sensitive information as such for 
logging purposes, and not logging it. 
Our logs look like this:
  Name: "John Smith",
  Password: "******"
Do you gain anything by logging the sensitive information? Could you change it 
to log something like the length of a password, or a fraction of a card number?

Original comment by AkosLuka...@gmail.com on 14 Mar 2012 at 9:20

GoogleCodeExporter commented 8 years ago
This issue has been migrated to:
https://github.com/elmah/Elmah/issues/218
The conversation continues there.
DO NOT post any further comments to the issue tracker on Google Code as it is 
shutting down.
You can also just subscribe to the issue on GitHub to receive notifications of 
any further development.

Original comment by azizatif on 25 Aug 2015 at 8:20