google-code-export / elmah

Automatically exported from code.google.com/p/elmah
Apache License 2.0
1 stars 1 forks source link

RAW XML encryption #218

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What new or enhanced feature are you proposing?
Is there a way elmah can encrypt the raw xml before it gets stored into the 
database? If there isn't, it will be great if it can do this because there is a 
risk of PCI data being exposed in the database. Our forensics software during 
testing/evaluation easily picked up sensitive information from the DB files.

What goal would this enhancement help you achieve?
PCI compliance.

Original issue reported on code.google.com by mithi...@gmail.com on 1 Apr 2011 at 10:33

GoogleCodeExporter commented 9 years ago
Hi there,

Sorry for the slow response.
Can you be a bit more specific about which parts of the XML contain the 
sensitive information please?

Thanks,

James

Original comment by jamesdriscoll71 on 24 Feb 2012 at 1:52

GoogleCodeExporter commented 9 years ago
We solved this issue by explicitly marking sensitive information as such for 
logging purposes, and not logging it. 
Our logs look like this:
  Name: "John Smith",
  Password: "******"
Do you gain anything by logging the sensitive information? Could you change it 
to log something like the length of a password, or a fraction of a card number?

Original comment by AkosLuka...@gmail.com on 14 Mar 2012 at 9:20