Concealing sensitive data recorded by the BMC Application Diagnostics Agent


BMC Application Diagnostics Agents record information received in HTTP requests, some of which may include sensitive information about end users, such as account numbers, passwords, or a personal home address.

For example, your application might include a page with the following URL:

http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985

In this example, the BMC Application Diagnostics Agent records these parameters and values, and BMC Application Diagnostics users can see the secret parameter in the Application Flow and Code Level tabs of the Trace Details window.

To prevent sensitive information from being displayed, you can mask the information recorded from HTTP parameters and headers, as explained in the following procedure.

To conceal sensitive information from BMC Application Diagnostics users

  1. In the BMC Application Diagnostics Agent policy file, locate the following property:

    # List of parameters (like HTTP parameters and headers) with values that may contain sensitive information that should
    # be masked. Parameters with names listed here will be recorded as follows: paramName=*****
    #
    # Parameter names are case insensitive (so listing "password" will cover PassWord too), are automatically trimmed from
    # surrounding whitespace and should be separated by commas in the list.
    # You can also add HTTP Headers like "cookie", or the commonly misspelled "referer" header to mask their values.
    # Default list is: password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd
    persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd
  2. Add the parameter name (for example, secret) to the list, as in the following example:

    persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret
  3. Save the changes made to the policy file, and then apply the policy to relevant agents.

The next time such a request is collected by the BMC Application Diagnostics Agent, the secret parameter will be masked with 5 asterisks (secret=*****).

In the same way, this property can be used to mask whole HTTP header values collected by the BMC Application Diagnostics Agent.
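To make the masking rules concrete (case-insensitive names, surrounding whitespace trimmed, comma-separated list, value recorded as five asterisks, whole header values masked), here is an added Python model of that behaviour. It is example code written for this page, not the agent's implementation; the property line is the one from step 2, and the request and headers are constructed for the demonstration.

```python
from urllib.parse import urlsplit, urlunsplit

# The policy property as it reads after step 2 (the default list plus "secret").
POLICY_LINE = (
    "persisting.param.names.to.mask=password, j_password, pass, pswd, authorization, "
    "passwordInput, j_id_id3:passwordInput, passwd, vpasswd, secret"
)
MASK = "*****"  # masked values are recorded as paramName=*****


def parse_mask_list(policy_line):
    """Split the property value on commas, trim whitespace, lower-case each name."""
    _, _, value = policy_line.partition("=")
    return {name.strip().lower() for name in value.split(",") if name.strip()}


def mask_query(query, names_to_mask):
    """Mask the values of listed parameters in a raw query string.

    The query is split without decoding, so unlisted values pass through unchanged
    and the comparison is made on the trimmed, lower-cased parameter name only.
    """
    out = []
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")
        if sep and name.strip().lower() in names_to_mask:
            value = MASK
        out.append(name + sep + value)
    return "&".join(out)


def mask_url(url, names_to_mask):
    """Return the URL with sensitive query parameter values masked."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(query=mask_query(parts.query, names_to_mask)))


def mask_headers(headers, names_to_mask):
    """Mask the whole value of any header whose name is on the list (e.g. cookie)."""
    return {k: (MASK if k.strip().lower() in names_to_mask else v) for k, v in headers.items()}


if __name__ == "__main__":
    names = parse_mask_list(POLICY_LINE)
    # Constructed request matching the page's example URL plus a sample header.
    url = "http://domain/application/postSecret.jsp?secret=fluxcapacitor&target=1985"
    headers = {"Authorization": "Basic Zm9vOmJhcg==", "Host": "domain"}
    print(mask_url(url, names))          # secret=*****&target=1985
    print(mask_headers(headers, names))  # Authorization is masked, Host is kept
```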

Related topics

Creating and editing an Agent policy file


BMC Application Diagnostics 2.5