Security Considerations

Since trace logs can contain sensitive information, customers are strongly advised to limit access to CIC servers. When tracing is turned up, the content of handler variables is logged when a tool assigns an output parameter. Likewise, information coming and going to databases is also logged.

Verbose logging of normal business logic could potentially be exploited by an attacker who filters logs for a particular call and looks at the individually detected digits. By examining the timestamps of the traces, the attacker might be able to identify menu items, SSNs, account numbers, credit card numbers, expiration dates, and other sensitive data. Genesys provides trace logs for diagnostic purposes only. Customers are responsible for protecting sensitive information in trace logs as part of their overall data management policies.

Another potential concern is the dissemination of log files to off-site partners or support representatives. Customers can address this by providing a temporary terminal service login to the machine that has the Trace Viewer installed.