IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Not under consideration
Workspace z/OS Connect
Created by Guest
Created on Jan 13, 2020

Provide ability to decrypt encrypted query/path parameters in a GET request

The API consumer needs to pass a client card / credit card number to retrieve account information such as account balance or mortgage information with a GET method. Even though the request URL is protected at the transport layer with TLS/SSL, the URL can be logged by the API gateway, network devices and z/OS Connect, which does not meet the bank's data security requirements.

Idea priority High
  • Guest
    Mar 13, 2020

    This requirement has been evaluated.

    The security recommendation for information deemed sensitive enough to encrypt in transit through distributed systems is that it is only decrypted at the point it is needed. If the value is decrypted in z/OS Connect EE before being passed on to further systems, there is still a risk of it being logged either in z/OS Connect EE or in any of the systems and networks it then goes through. The recommendation would be for the caller to encrypt the sensitive value, use the encrypted value in the API as normal (path parameter, query parameter, etc.), have z/OS Connect EE map the value to the desired copybook field and pass it through the Z infrastructure, and have the target application decrypt the value when it is required.

    Due to the conflicts with secure engineering practices that this enhancement request creates, it is not likely that this would be implemented in future z/OS Connect EE releases, so correspondingly this requirement is being rejected. You have an opportunity to resubmit in twelve months' time if you wish it to be considered then.
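
The flow recommended in the reply above, sketched as an added example that is not part of the original page and is not IBM or z/OS Connect EE code: the caller encrypts the card number into a URL-safe token, every intermediary sees and logs only the token, and the target application is the only place it is decrypted. The choice of AES-256-GCM, the token layout, the demo key, the `card` parameter name, the example URL and the binding of the token to the request path are all assumptions of this sketch.

```javascript
// Added example: field-level encryption of a sensitive query parameter.
const nodeCrypto = require('crypto');

// Constructed demo key. Assumption: a 256-bit key known only to the API
// consumer and the target application, never to gateways or z/OS Connect EE.
const KEY = nodeCrypto.createHash('sha256').update('constructed demo key').digest();

// Caller side: AES-256-GCM, encoded as base64url so it is safe inside a URL.
// Token layout (an assumption of this example): nonce(12) || tag(16) || ciphertext.
function encryptParam(plaintext, key, context) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every request
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(context, 'utf8')); // bind the token to one API operation
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64url');
}

// Target application side: the only place the clear value exists.
function decryptParam(token, key, context) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 28) throw new Error('token too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the token was altered or the context does not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Builds the URL that every intermediary (gateway, proxy, z/OS Connect EE)
// sees and may write to its logs.
function buildRequestUrl(base, cardNumber, key) {
  const url = new URL(base);
  url.searchParams.set('card', encryptParam(cardNumber, key, url.pathname));
  return url.toString();
}

function demo() {
  const pan = '4111111111111111'; // constructed test card number
  const logged = buildRequestUrl('https://api.example.test/accounts/balance', pan, KEY);
  const u = new URL(logged);
  const recovered = decryptParam(u.searchParams.get('card'), KEY, u.pathname);
  return { logged, leaksPan: logged.includes(pan), recovered };
}

console.log(demo());
```

The token is longer than the clear value (59 characters for a 16-digit number with this layout), so the copybook field that carries it has to be sized for the token rather than for the card number.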