OpenEdge 11.7.3 on Windows 7 Enterprise.
Our application has been penetration tested. One of the findings was that sensitive information was written to disk in the client log file without the user's awareness when the logging level was increased to 5. We have included the option for the user to increase the logging level for incident and problem management purposes.
The regulator requires all sensitive information written to local disks to be encrypted.
I doubt it, but is there any way to have the client log file encrypted?
Thanks in Advance and Best Regards, Richard.
You might enable NT file encryption for the log file through the file's Properties.
But to satisfy such broad encryption requirements, maybe the easiest would be to just enable encryption of the whole disk with e.g. BitLocker. Or put the whole application on a partition of its own, and encrypt that one.
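
The NT file encryption (EFS) suggestion above, as an added example that is not part of the original thread: it marks the log directory as encrypted so new log files inherit the attribute, encrypts existing logs, and reports anything left in plain text. The `$LogDir` path and the `*.log` extension are assumptions; substitute the location your client log is actually written to.

```powershell
# Added example: EFS-encrypt a client log directory and verify the result.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7).
param(
    [string]$LogDir = 'C:\path\to\client\logs'   # placeholder, not a real OpenEdge path
)

if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    throw "Log directory not found: $LogDir"
}

# EFS is an NTFS feature; stop early if the local volume uses another file system.
$full  = (Resolve-Path -LiteralPath $LogDir).ProviderPath
$drive = New-Object System.IO.DriveInfo([System.IO.Path]::GetPathRoot($full))
if ($drive.DriveFormat -ne 'NTFS') {
    throw "EFS requires NTFS; $($drive.Name) is $($drive.DriveFormat)"
}

# Set the encrypted attribute on the directory so files created later inherit it.
& cipher.exe /e $full | Out-Null

# Encrypt log files that already exist (assumed extension: .log).
# A file held open by the running client cannot be encrypted; close the client first.
$enc = [System.IO.FileAttributes]::Encrypted
Get-ChildItem -LiteralPath $full -Filter *.log |
    Where-Object { -not $_.PSIsContainer -and -not ($_.Attributes -band $enc) } |
    ForEach-Object {
        try { $_.Encrypt() }
        catch { Write-Warning "Could not encrypt $($_.FullName): $($_.Exception.Message)" }
    }

# Verify: re-read the attributes instead of trusting the calls above.
$dirOk = [bool]((Get-Item -LiteralPath $full).Attributes -band $enc)
$plain = @(Get-ChildItem -LiteralPath $full -Filter *.log |
    Where-Object { -not $_.PSIsContainer -and -not ($_.Attributes -band $enc) })

"Directory encrypted : $dirOk"
"Plain-text logs left: $($plain.Count)"
$plain | ForEach-Object { "  $($_.FullName)" }

if (-not $dirOk -or $plain.Count -gt 0) { exit 1 }
```

EFS keys belong to the Windows account that encrypted the files, so the logs are protected against other accounts and offline reads of the disk, while the logged-on user still opens them transparently.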