You are viewing limited content. For full access, please sign in.

Question

Question

Securing Extracted Data When Copying from One Application to Another

Connector
Updated November 5, 2019
asked on November 1, 2019

If I setup a Connector profile to extract data from fields one application (via JavaScript or UI) and then paste that data into fields in another application, how is that data secured during the copying process?  We have a need to copy credit card and checking account #'s but need to make sure it is secured by Connector during the transfer between the two applications.

0 0

Answer

SELECTED ANSWER
replied on November 1, 2019

As far as I know the data is not "stored" anywhere other than in memory while it is being copied and pasted. Essentially it wouldn't be much different from manually copying and pasting the content except with Connector I don't believe it would be retained on the clipboard.

Obviously I don't know your environment so you may have addressed this already, but I'd be much more concerned with the PCI compliance implications of having credit card and bank account numbers stored in a way that they can be copied and pasted.

3 0

Replies

replied on November 1, 2019

Once your data is in the memory banks of a local workstation, there should no longer be a need for security layers. It is only data that leaves the workstation to visit a router, where the address resolution protocol could be poisoned, that you should need security layers.

1 0
replied on November 1, 2019

I believe the concern is that the data on the "clipboard" is essentially not encrypted and something on the local machine could be tracking that.  My thoughts are that it is no different than some other app on the machine logging key strokes that could essentially get those same account #'s.  Thus the responsibility at that point lies on the local machine be properly secured.

0 0
replied on November 1, 2019

Encrypting the data would not resolve this because to encrypt data, you have to have the data in memory to begin with. Encryption only resolves pickups on transferred data.

Protecting the local machine is the solution for this, preventing malicious software from being installed and detecting it when it is.

1 0
replied on November 5, 2019

Thanks Chad.  That was my thoughts as well but I wanted to make sure I wasn't missing something in my logic.  I appreciate the help.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...