https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85040#M36094 Hello, my name is Met Vonghiran.   I have 2 qustions regarding the application modeller and sensitive information in the application. The confirmation of why developer should not use customer's specific information as a spy attribute By not logging the input/output/parameter the attribute information will not be outputed to the database   Development best practice document mentioned that the developer should not use attribute with customer information as a spy attribute due to securtiy reason I would like to confirm that the reason why those attribute should not be used is that because the information in the attribute will be transfered to the database, hence leaving the customer's specific data in the database could breach the IT security rule. I have followed the instruction, but would like to confirm that by not using attribute with customer's data and disable the logging function fo the input/output/parameter from those stages, the sensitive information in the attribute will not be outputed to the BP database   Regards, Met Vonghiran       Thu, 05 Apr 2018 06:37:00 GMT MetVonghiran 2018-04-05T06:37:00Z https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85040#M36094 Hello, my name is Met Vonghiran.   I have 2 qustions regarding the application modeller and sensitive information in the application. The confirmation of why developer should not use customer's specific information as a spy attribute By not logging the input/output/parameter the attribute information will not be outputed to the database   Development best practice document mentioned that the developer should not use attribute with customer information as a spy attribute due to securtiy reason I would like to confirm that the reason why those attribute should not be used is that because the information in the attribute will be transfered to the database, hence leaving the customer's specific data in the database could breach the IT security rule. I have followed the instruction, but would like to confirm that by not using attribute with customer's data and disable the logging function fo the input/output/parameter from those stages, the sensitive information in the attribute will not be outputed to the BP database   Regards, Met Vonghiran       Thu, 05 Apr 2018 06:37:00 GMT https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85040#M36094 MetVonghiran 2018-04-05T06:37:00Z https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85041#M36095 Yes Met, if sensitive data is not hardcoded in the model or the diagram, and it's not logged or held in the queue, then it won't be stored in the DB. Aside from security, the other reason to avoid including such data in the model at design-time is that at run-time you'll be working different cases and the chances are the model will fail if hardcoded with customer data. Thu, 05 Apr 2018 13:45:00 GMT https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85041#M36095 John__Carter 2018-04-05T13:45:00Z https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85042#M36096 Thank you so much John. Your input is very clear.   Regards, Met Vonghiran Fri, 06 Apr 2018 05:42:00 GMT https://community.blueprism.com/t5/Product-Forum/Appliaction-Modeller-and-attribute-with-sensitive-information/m-p/85042#M36096 MetVonghiran 2018-04-06T05:42:00Z