Two enhancements are requested:
(1) UI capture masking for AjaxListener data
(2) Pipeline privacy support for AjaxListener (and general JSON) data
Currently, while the UI Capture library supports masking of page data (DOM content and Change events, etc.), application API calls captured by the AjaxListener do not have a masking feature. A masking feature is needed, similar to how Form Fields are masked... where specified name-value pairs have their values masked.
Example:
{
type": 5,
offset": 9801,
screenviewOffset": 4875,
count": 26,
fromWeb": true,
customEvent": {
"name": "ajaxListener",
"data": {
"interfaceType": "XHR",
"originalURL": "p.login.mycompany.com/api/v1/authn",
...
"request": {
"username": "MyUserID",
"password": "MyPassword123"
},
"responseHeaders": {
...
The field .sessions[0].message.customEvent.data.request.password requires masking. Ideally this Dotted Notation syntax will be flexible, to support wildcards and partial path names.
The same masking syntax is also required in the Pipeline privacy session agent for general purpose use... as currently masking often requires complicated regular expressions.
This is made more complicated as a target ID may have both a "currState" and "prevState" value that require masking, in both the [RequestBody] and [RawRequest] sections. Multiple masking rules may therefore be required for each field to be masked.
How will this idea be used?
Fulfilling privacy requirements is difficult and brittle under the current design. Having native support for masking Tealeaf capture data will both improve this process and reduce CPU load in the PCA and downstream servers. |
|
What is your industry? | Insurance |
What is the idea priority? | High |