Show Hide

 

Feedback

  • Contents
 

Server parameters to suppress logging of sensitive data

Trace logs, particularly the IP trace log, can potentially contain sensitive data. Logging of sensitive data can occur when Interaction Attributes are used to store sensitive values. The value of an attribute is traced when the attribute is set, retrieved, or processed. For this reason, sensitive data may be traced and logged by multiple processes, not just by IP. Logging can also occur when traced output from SOAP tools contains an XML blob with sensitive data in it, or when an IceLib function is traced.

Examples of sensitive data include:

  • Data that could be useful for hacking or identity theft. Common examples are birth date, social security number, home address, credit card or ID numbers,
  • Data that must be protected for legislative reasons.
  • Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership.
  • Data concerning a person's health, sex life, or sexual orientation.
  • Genetic or biometric data.
  • Salary information.
  • Data relating to criminal offenses and convictions.
  • Any other attributes that your business wants to remain confidential.

Not all data is sensitive.  Examples of non-sensitive data include:

  • Data stored about configured users of the IC server.
  • Calling name data for telephone calls (internal or external).
  • Email addresses.
  • Telephone numbers.
  • IP addresses.

Starting with PureConnect CIC 2018 R2, customers can suppress tracing of potentially sensitive data, by setting 2 server parameters.

Parameter Description

SuppressSensitiveDataTracing

If this server parameter is not present, or it is set to a case-insensitive value of "TRUE", "YES", or "1", then "##Suppressed## is written to trace log entries instead of the value traced.

SensitiveAttributes

This parameter identifies which attributes will be suppressed. Set its value to a delimited list of Interaction Attributes whose value should not be traced. Attribute names are automatically trimmed of leading or trailing spaces. You may delimit items using semicolons or new lines.

For example, if you assign a value of CC_SOCIAL_SECURITY;CC_AMOUNT_DUE then ##Suppressed## will be written to logs instead of the actual values of those custom attributes.

When this parameter is empty, no tracing of Interaction Attributes is suppressed. But if SuppressSensitiveDataTracing is enabled, the system will suppress tracing of potentially sensitive data from SOAP Tools XML and when IceLib function is traced.

Note: When the AdminServer subsystem starts and detected that the 'SensitiveAttributes' server parameter has no values specified it will populate the server parameter with a list of potentially sensitive interaction attribute names. The selected attributes are ones that are likely to include personally identifiable information.

Notes:

  • Both server parameters are dynamic. Changes go into effect immediately.

  • For new installations, SuppressSensitiveDataTracing is TRUE by default and SensitiveAttributes is set to an empty string. (This behavior is not applicable starting from PureConnect release 2022 r2)

  • These parameters are not supported prior to CIC 2017 R2, and will not be back ported.