App Visibility agents record information received in HTTP requests, some of which might include sensitive information about end users, such as account numbers, passwords, or a personal home address.
For example, your application might include a page with the following URL:
http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985
In the example, the App Visibility agent records the parameters and values, and App Visibility users can see the secret parameter in the Application Flow and Code Level tabs of the Trace Details page.
To prevent sensitive information from being displayed, you can mask the information recorded from HTTP parameters and headers.
Add the parameter name (for example, secret) to the persisting.param.names.to.mask list, as in the following example:
persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret
The next time such a request is collected by the App Visibility agents, the secret parameter will be masked with 5 asterisks (secret=*****).
In the same way, this property can be used to mask whole HTTP header values collected by the App Visibility agent.
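To check a mask list before rolling it out, the following added example (not BMC code) previews how a request URL and its headers would appear once masked, and lists the parameters that would still be recorded in clear. It assumes exact name matching for parameters and case-insensitive matching for header names; the function names and the sample header values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

MASK = "*****"  # the page states that masked values appear as 5 asterisks

# Property line as shown on the page.
PROPERTY_LINE = ("persisting.param.names.to.mask=password, j_password, pass, pswd, "
                 "authorization, passwordInput, j_id_id3:passwordInput, passwd, "
                 "vpasswd, secret")

def parse_mask_names(line):
    """Split 'key=name1, name2, ...' into a set of trimmed names."""
    _, _, value = line.partition("=")
    return {name.strip() for name in value.split(",") if name.strip()}

def preview_url(url, names):
    """Return (masked_url, params_left_in_clear) for one request URL.

    Assumption: parameter names are matched exactly, as written in the list.
    """
    parts = urlsplit(url)
    shown, clear = [], []
    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        if key in names:
            shown.append(f"{key}={MASK}")
        else:
            shown.append(f"{key}={val}")
            clear.append(key)  # still visible to App Visibility users
    return parts._replace(query="&".join(shown)).geturl(), clear

def preview_headers(headers, names):
    """Mask whole header values; header names compared case-insensitively
    (an assumption, since HTTP header names are case-insensitive)."""
    lowered = {n.lower() for n in names}
    return {h: (MASK if h.lower() in lowered else v) for h, v in headers.items()}

if __name__ == "__main__":
    names = parse_mask_names(PROPERTY_LINE)
    # URL from the page; the headers are constructed sample values.
    url = "http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985"
    masked, clear = preview_url(url, names)
    print(masked)
    print("recorded in clear:", clear)
    print(preview_headers({"Authorization": "Basic c2FtcGxl",
                           "Accept": "text/html"}, names))
```

Run it over URLs sampled from your own application to find sensitive parameter names that are missing from the list.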