cancel
Showing results for 
Search instead for 
Did you mean: 

Appliaction Modeller and attribute with sensitive information

MetVonghiran
Level 4
Hello, my name is Met Vonghiran.   I have 2 qustions regarding the application modeller and sensitive information in the application. The confirmation of why developer should not use customer's specific information as a spy attribute By not logging the input/output/parameter the attribute information will not be outputed to the database   Development best practice document mentioned that the developer should not use attribute with customer information as a spy attribute due to securtiy reason I would like to confirm that the reason why those attribute should not be used is that because the information in the attribute will be transfered to the database, hence leaving the customer's specific data in the database could breach the IT security rule. I have followed the instruction, but would like to confirm that by not using attribute with customer's data and disable the logging function fo the input/output/parameter from those stages, the sensitive information in the attribute will not be outputed to the BP database   Regards, Met Vonghiran      
2 REPLIES 2

John__Carter
Staff
Staff
Yes Met, if sensitive data is not hardcoded in the model or the diagram, and it's not logged or held in the queue, then it won't be stored in the DB. Aside from security, the other reason to avoid including such data in the model at design-time is that at run-time you'll be working different cases and the chances are the model will fail if hardcoded with customer data.

MetVonghiran
Level 4
Thank you so much John. Your input is very clear.   Regards, Met Vonghiran