Deployment GuideiConsolePost-deployment TasksHide User Logon Credentials in the iConsole › Enforcing Encrypted Logons

Previous Topic: URL Query String Logon Method

Next Topic: Enforcing a Logon Timestamp and Timeout
Enforcing Encrypted Logons

In addition to SSL support, CA DLP also enables you to encrypt HTML POST form variables using either Triple DES (Data Encryption Standard) or AES (Advanced Encryption Standard).

This additional encryption can be used in environments where an SSL session could potentially be intercepted. For example, where users are working remotely and creating traffic across the internet. This further encryption can help to prevent ‘man-in-the-middle’ attacks.

To enforce encrypted logons

  1. Locate the Web registry key on the front-end Web server.
  2. Within this registry key, set the following REG_DWORD registry value to 1: 
    EnforceEncryptedLogon

Important! If encryption enforcement is applied, then the POST form variable supplied with the Web form logon method must be encrypted. If it is not, then the logon fails.

More information:

iConsole Registry Values