Data Guard
- Data Guard will block (by default) or will mask (transparent) the sensitive information for the responses sent by the application server to the client
-
Settings Location
-
General
- Security -> Application Security: Data Guard
-
Policy
- Security -> Application Security: Blocking: Settings – Negative Security Violations Data Guard: Information leakage detected
-
-
Modes of Operation
-
Data Guard in Transparent (Mask Data)
- Default Learn/Alarm Only (Block grayed out)
- Mask Data setting must be enabled
- Sensitive information will show with * instead
-
Data Guard in Blocking (Default Policy setting)
- Default Learn/Alarm/Block
- Sensitive information will be blocked, if * is desired block setting must be disabled in addition of Mask Data setting being enabled
-
-
Data Guard Default General configuration behavior (unchecked/disabled by default)
- One of the flags (Credit Card Numbers, SSN, Custom/Exception Patterns) must be checked
-
Mask Data (unchecked by default)
- By default, any Data Guard flagged content will be blocked instead
-
File Content Detection (unchecked by default)
- When file content is detected, the system will not enforce exception patterns and mask response data that match the file content
-
Available file formats (once checked)
- Document Formats (MS Office 2007 or later, MS Office 93-2007, PDF)
- Executable File Formats (ELF, Mach-O, PE)
-
Enforcement mode (empty list by default)
- Can EITHER ignore URLs in list OR enforce them
- Wildcards are supported
Sensitive Parameters
Security -> Application Security: Parameters: Sensitive Parameters
-
These can be setup to mask delicate information in forms/webpages such as credit cards or password that otherwise should be masked
- Sensitive Parameters can be used to mask the requests in the logs and user interface
Recent Comments