Hello, my name is Met Vonghiran.
I have 2 qustions regarding the application modeller and sensitive information in the application.
The confirmation of why developer should not use customer's specific information as a spy attribute
By not logging the input/output/parameter the attribute information will not be outputed to the database
Development best practice document mentioned that the developer should not use attribute with customer information as a spy attribute due to securtiy reason
I would like to confirm that the reason why those attribute should not be used is that because the information in the attribute will be transfered to the database, hence leaving the customer's specific data in the database could breach the IT security rule.
I have followed the instruction, but would like to confirm that by not using attribute with customer's data and disable the logging function fo the input/output/parameter from those stages, the sensitive information in the attribute will not be outputed to the BP database
Regards,
Met Vonghiran