Concealing sensitive data recorded by the App Visibility agents


App Visibility agents record information received in HTTP requests, some of which might include sensitive information about end users, such as account numbers, passwords, or a personal home address.

For example, your application might include a page with the following URL:

http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985

In the example, the App Visibility agent records the parameters and values, and App Visibility users can see the secret parameter in the Application Flow and Code Level tabs of the Trace Details page.

To prevent sensitive information from being displayed, you can mask the information recorded from HTTP parameters and headers.

Add the parameter name (for example, secret) to the list in the persisting.param.names.to.mask property, as in the following example:

persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret

The next time such a request is collected by the App Visibility agents, the secret parameter will be masked with 5 asterisks (secret=*****).

In the same way, this property can be used to mask whole HTTP header values collected by the App Visibility agent.
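To check a mask list before deploying it, the following added example (not BMC code and not part of the agent) previews how the URL above would be recorded and lists the query parameters that would still be stored in clear text. It covers URL parameters only; the function names are hypothetical, and it assumes that the list is comma-separated with surrounding spaces ignored and that names are matched exactly and case-sensitively.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, quote

MASK = "*****"  # the page states that masked values appear as 5 asterisks
PROPERTY = "persisting.param.names.to.mask"


def parse_mask_property(line):
    """Return the set of names from a 'persisting.param.names.to.mask=...' line."""
    key, _, value = line.partition("=")
    if key.strip() != PROPERTY:
        raise ValueError("unexpected property: " + key.strip())
    # Assumption: names are comma-separated and surrounding whitespace is ignored.
    return {name.strip() for name in value.split(",") if name.strip()}


def preview_masked_url(url, mask_names):
    """Return (masked_url, unmasked_names) for one request URL."""
    parts = urlsplit(url)
    out, unmasked = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = quote(name, safe=":")  # keep names such as j_id_id3:passwordInput readable
        # Assumption: exact, case-sensitive match on the parameter name.
        if name in mask_names:
            out.append(key + "=" + MASK)
        else:
            out.append(key + "=" + quote(value, safe=""))
            unmasked.append(name)
    return urlunsplit(parts._replace(query="&".join(out))), unmasked


if __name__ == "__main__":
    # Property line and URL taken from this page.
    names = parse_mask_property(
        "persisting.param.names.to.mask=password, j_password, pass, pswd, "
        "authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret"
    )
    masked, clear = preview_masked_url(
        "http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985", names
    )
    print(masked)
    print("still recorded in clear text:", clear)
```

Review the list of parameters reported as still in clear text against your application's forms and APIs, and add any that carry sensitive values to the property.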

Related topics

Managing App Visibility policy files

Hiding sensitive information with an App Visibility confidentiality policy file

Modifying an App Visibility agent policy file to collect and monitor application information

Applying private certificates to App Visibility components

 

 
