Page tree

Skip to end of metadata
Go to start of metadata

App Visibility agents record information received in HTTP requests, some of which might include sensitive information about end users, such as account numbers, passwords, or a personal home address.

For example, your application might include a page with the following URL:

http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985

In the example, the App Visibility agent records the parameters and values, and App Visibility users can see the secret parameter in the Application Flow and Code Level tabs of the Trace Details page.

To prevent sensitive information from being displayed, you can mask the information recorded from HTTP parameters and headers.

Add the parameter name (for example, secret) to the list, as in the following example:

persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret

The next time such a request is collected by the App Visibility agents, the secret parameter will be masked with 5 asterisks (secret=*****).

In the same way, this property can be used to mask whole HTTP header values collected by the App Visibility agent.

Related topics

Modifying an App Visibility agent policy

Configuring an App Visibility agent policy to collect and monitor application information

Changing security certificates in App Visibility components