Not logging requests is not really an option as you will be willingly stopping any ability to audit and investigate issues, also potentially breaking regulatory requirements.
I am surprised you actually have 4000 uniquely named sensitive parameters in your application, is it some sort of a medical/health form?
Remember that first of all if these parameters are form variables they might all have a common prefix (e.g. if your parameter is called "frmHealth_NumberOfHospitalAdmisonsInLast3Years" and all others start from "frmHealth_" you can just create a Wildcard sensitive parameter "frmHealth_*" and that will do the job - easy!)
However, if all your sensitive parameters have unique names with no common pattern and cannot be grouped together using a wildcard then you will indeed need to create them in the policy individually. It is tricky and requires some work with text editors/Excel, but it can be done.
Here is how you can import them:
- first of all Export your ASM policy as XML (do not tick the Compact Format)
- obtain the full list of your sensitive parameters (e.g. in text or Excel format)
- open the exported XML policy file using a good text editor, for example Notepad++
- find the section named "sensitive_parameters" - you will see that your existing sensitive parameters are in this format:
```
password
```
- prepare your parameters to be imported to be in the same format (e.g. using Excel and concat command), so each parameter you need to import looks like this:
**mySensitiveParameterNameHere**
- copy paste your list of parameters in the above XML format into the XML policy document just after the last tag
- import the XML policy back into ASM
- Done!
Hope this helps,
Sam
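
The manual Excel/concat step in the answer above can be scripted. This is an added example, not part of the original post and not F5 tooling: it finds the "sensitive_parameters" section of an exported policy, copies the element tag of the existing entries, and appends the new names after the last one, skipping blanks and duplicates and escaping XML special characters. The sample policy and the tag name `parameter_name` inside it are constructed assumptions; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for an exported (non-compact) policy.
# The entry tag "parameter_name" is an assumption for this sample only;
# the code reuses whatever tag the existing entries in the export carry.
SAMPLE_POLICY = """<policy>
  <sensitive_parameters>
    <parameter_name>password</parameter_name>
  </sensitive_parameters>
</policy>"""

def _section(root):
    sec = root if root.tag == "sensitive_parameters" else root.find(".//sensitive_parameters")
    if sec is None or len(sec) == 0:
        raise ValueError("no existing sensitive_parameters entry to copy the format from")
    return sec

def list_sensitive_parameters(policy_xml):
    """Names currently in the sensitive_parameters section, in document order."""
    return [(e.text or "").strip() for e in _section(ET.fromstring(policy_xml))]

def add_sensitive_parameters(policy_xml, names):
    """Append new names after the last existing entry; return (xml, added)."""
    root = ET.fromstring(policy_xml)
    sec = _section(root)
    tag, indent, closing = sec[-1].tag, sec.text, sec[-1].tail
    seen = {(e.text or "").strip() for e in sec}
    added = []
    for raw in names:
        name = raw.strip()
        if not name or name in seen:   # skip blanks and duplicates
            continue
        sec[-1].tail = indent          # keep the export's indentation
        entry = ET.SubElement(sec, tag)
        entry.text = name              # ElementTree escapes &, < and > on output
        entry.tail = closing
        seen.add(name)
        added.append(name)
    return ET.tostring(root, encoding="unicode"), added
```

Run `list_sensitive_parameters` on the result before importing it back into ASM to confirm that every name you expect to be masked in the request log is present.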