Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

In RTC 5.0.2: Is the source code added in Jazz source control encrypted?

Hi,

We are using RTC 5.0.2 in our distributed environment, and for that reason our security team wants to know whether the source code delivered to the Jazz repository is in encrypted form or not.

Regards,
Muhammad Moid

0 votes



One answer

Communication between client and server uses HTTPS and is encrypted. The code changes are stored in the database as blobs. The content is compressed (if compression saves space) but not encrypted.

So during transfer the data - all data - is encrypted due to HTTPS, but in the database it is not encrypted.

0 votes

Comments
Hmmm. I am trying to understand it since I can see encrypted data in the database.

Let me rephrase my question again. Can the IBM CLM Application do the encryption for the source code?

Also, I would appreciate it if you could answer the security-related questions below as well:

Can we store CLM application & Tomcat logs in the SQL native DB log? Or can we send them directly to a syslog server, or can they be integrated with a security information and event management (SIEM) solution?
Is the tunnel (communication medium) between the application and the database encrypted using TLS 1.2?

As I said, the change is usually compressed. Just because you cannot see/understand the data does not mean it is encrypted. Look at any compressed file and try to figure out what the data is.

Again, there is no encryption done by the application, prior to storing the data in the database. There are no mechanisms to do encryption for scm data in the application either as far as I am aware.

The logs are stored in the file system; it is your admin's duty to make them accessible only to the users that should be able to access them. If you want to send the logs somewhere, you would have to come up with a custom solution to do it.

The application uses a plain JDBC connection to the database. If your DB vendor's JDBC driver uses TLS 1.2, fine. The database should be very close to your application server. So I am not sure why you want the additional performance impact due to encryption.
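
The compressed-versus-encrypted distinction drawn in the answers above, as an added example that is not part of the original thread and not IBM's code: a blob that merely looks unreadable is checked for recovery without any key. The thread does not say which compression format Jazz uses for SCM blobs, so the Python standard-library codecs tried here are an assumption, and all sample data is constructed.

```python
import bz2, gzip, lzma, math, os, zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 mean the data 'looks random' to the eye."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# (name, header check, keyless decoder). Assumed formats; the thread names none.
CODECS = [
    ("gzip", lambda b: b[:2] == b"\x1f\x8b", gzip.decompress),
    ("zlib", lambda b: len(b) >= 2 and (b[0] & 0x0F) == 8
                       and ((b[0] << 8) | b[1]) % 31 == 0, zlib.decompress),
    ("bzip2", lambda b: b[:3] == b"BZh", bz2.decompress),
    ("xz", lambda b: b[:6] == b"\xfd7zXZ\x00", lzma.decompress),
]

def classify_blob(blob: bytes) -> dict:
    """Report whether a blob can be turned back into content with no key at all."""
    result = {"entropy": round(shannon_entropy(blob), 2),
              "format": None, "recovered": None}
    for name, looks_like, decode in CODECS:
        if not looks_like(blob):
            continue
        try:
            result["recovered"] = decode(blob)
            result["format"] = name
            return result
        except (OSError, EOFError, ValueError, zlib.error, lzma.LZMAError):
            continue  # header bytes matched by chance, e.g. in random data
    return result

# Constructed sample data, not taken from a real Jazz repository.
SOURCE = b"".join(b"int handler_%d(void) { return %d; }\n" % (i, i * i % 9973)
                  for i in range(400))
COMPRESSED = zlib.compress(SOURCE, 9)
# Stand-in for ciphertext: output of a sound cipher looks like random bytes.
RANDOM_LIKE = os.urandom(len(COMPRESSED))

if __name__ == "__main__":
    for label, blob in (("compressed", COMPRESSED), ("random-like", RANDOM_LIKE)):
        r = classify_blob(blob)
        print(label, r["entropy"], r["format"], r["recovered"] is not None)
```

Both blobs show high entropy, so unreadability alone proves nothing; only the compressed one yields the original source without a key, which is why anyone with read access to the database can recover compressed content.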


Question asked: Jun 02 '16, 3:19 a.m.

Question was seen: 3,038 times

Last updated: Jun 03 '16, 6:13 p.m.
