Release 10.1A: OpenEdge Getting Started:
Core Business Services
Sealing the audit data
You can optionally seal the audit data records by using either a message digest or a message authentication code (MAC). The message digest allows detection of unauthorized changes if someone attempts to modify audit data outside of a 4GL or SQL application. The MAC is an encrypted value that is stored and displayed as a password field; it is also known as the DB Passkey. The MAC protects data integrity when data is being moved outside of the OpenEdge utilities.
Note: Only OpenEdge tools can verify the data seal.
When you create a policy, one of the settings you choose is the data security level, which controls the level of security applied to the audit data transaction tables _client-session, _aud-audit-data, and _aud-audit-data-value, each of which has a field called _Data-seal. The _Data-seal field holds an internally generated seal on the data that guarantees the integrity of the data and ensures it has not been tampered with outside of the registered services permitted to maintain this data.
The setting of the data security level determines what information is written to the _Data-seal field in each one of the audit data transaction tables, as follows:
- No Additional Security — No additional security is applied to audit data.
- Message Digest — Stores a message digest in the _Data-seal field of the audit data tables to guarantee the integrity of the data.
- DB Passkey — Stores a MAC in the _Data-seal field of the audit data tables to guarantee the integrity of the data. (A MAC is more secure than a message digest.)
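The difference between the Message Digest and DB Passkey levels can be seen in a short verification sketch. This is an added example, not OpenEdge code: the page does not name the algorithms, so SHA-256 and HMAC-SHA-256 are assumptions, and the record fields, the passkey value and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample row; field names are illustrative, not the OpenEdge schema.
RECORD = {"event": "5100", "user": "alice", "table": "customer",
          "detail": "credit-limit=1000"}
PASSKEY = b"constructed-demo-passkey"  # assumption: stands in for the DB Passkey


def canonical(record):
    """Length-prefix each name and value (sorted) so field boundaries are unambiguous."""
    out = bytearray()
    for name in sorted(record):
        for part in (name, record[name]):
            raw = part.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def seal(record, level, passkey=b""):
    """Return the seal value for one row at the given data security level."""
    data = canonical(record)
    if level == "none":
        return ""
    if level == "digest":            # assumption: SHA-256 as the digest
        return hashlib.sha256(data).hexdigest()
    if level == "passkey":           # assumption: HMAC-SHA-256 as the MAC
        if not passkey:
            raise ValueError("the passkey level needs a key")
        return hmac.new(passkey, data, hashlib.sha256).hexdigest()
    raise ValueError("unknown level: " + level)


def verify(record, stored_seal, level, passkey=b""):
    """Recompute the seal and compare in constant time."""
    return hmac.compare_digest(seal(record, level, passkey), stored_seal)


def outcomes():
    """Verification results for a row changed outside the audited tools."""
    changed = dict(RECORD, detail="credit-limit=999999")
    keyless = hashlib.sha256(canonical(changed)).hexdigest()  # computable without the key
    return {
        "digest, seal left stale": verify(changed, seal(RECORD, "digest"), "digest"),
        "digest, seal recomputed": verify(changed, keyless, "digest"),
        "passkey, seal left stale": verify(changed, seal(RECORD, "passkey", PASSKEY), "passkey", PASSKEY),
        "passkey, keyless seal": verify(changed, keyless, "passkey", PASSKEY),
    }


if __name__ == "__main__":
    for case, accepted in outcomes().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the "digest, seal recomputed" case is accepted: an unkeyed digest can be regenerated by anyone able to write the row, while the keyed seal cannot be produced without the passkey.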
Copyright © 2005 Progress Software Corporation www.progress.com