Concealing sensitive data recorded by the App Visibility agents

App Visibility agents record information received in HTTP requests, some of which might include sensitive information about end users, such as account numbers, passwords, or a personal home address.

For example, your application might include a page with the following URL:

http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985

In the example, the App Visibility agent records the parameters and values, and App Visibility users can see the secret parameter in the Application Flow and Code Level tabs of the Trace Details page.

To prevent sensitive information from being displayed, you can mask the information recorded from HTTP parameters and headers.

Add the parameter name (for example, secret) to the persisting.param.names.to.mask list, as in the following example:

persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret

The next time such a request is collected by the App Visibility agents, the secret parameter will be masked with 5 asterisks (secret=*****).

In the same way, this property can be used to mask whole HTTP header values collected by the App Visibility agent.
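To check a mask list against your application's URLs before relying on it, the following added example (not BMC code, and not part of the original page) parses the property line and previews which query parameters would be masked and which would still be recorded in clear. The function names are hypothetical, and exact-name matching after trimming spaces and URL-decoding is an assumption, because this page does not state the agent's matching rules.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl

MASK = "*****"  # the page states that masked values appear as five asterisks
PROPERTY_KEY = "persisting.param.names.to.mask"

# Property line and URL exactly as shown on this page.
PAGE_PROPERTY = ("persisting.param.names.to.mask=password, j_password, pass, pswd, "
                 "authorization, passwordInput, j_id_id3:passwordInput, passwd, "
                 "vpasswd, secret")
PAGE_URL = "http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985"


def parse_mask_property(line):
    """Return the set of names listed in a persisting.param.names.to.mask line."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != PROPERTY_KEY:
        raise ValueError("expected a %s property line" % PROPERTY_KEY)
    return {name.strip() for name in value.split(",") if name.strip()}


def preview_masked_url(url, mask_names):
    """Rewrite the URL as it would be displayed if listed parameters are masked.

    Assumption: names are compared exactly, after URL-decoding the query string.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = "&".join("%s=%s" % (k, MASK if k in mask_names else v) for k, v in pairs)
    return urlunsplit(parts._replace(query=query))


def unmasked_params(urls, mask_names):
    """List parameter names seen in the URLs that the mask list does not cover."""
    seen = set()
    for url in urls:
        for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if name not in mask_names:
                seen.add(name)
    return sorted(seen)


if __name__ == "__main__":
    names = parse_mask_property(PAGE_PROPERTY)
    print(preview_masked_url(PAGE_URL, names))
    # Constructed sample URL: session_token is not in the list, so it is reported.
    sample = [PAGE_URL, "http://domain/application/login.jsp?passwd=x&session_token=abc"]
    print("still recorded in clear:", unmasked_params(sample, names))
```

Feed it request URLs sampled from your own access logs and review the reported names for anything that should be added to the list.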

Related topics

Managing App Visibility policy files

Hiding sensitive information with an App Visibility confidentiality policy file

Modifying an App Visibility agent policy file to collect and monitor application information

Applying private certificates to App Visibility components
