neptune_121018
Oct 13, 2014Nimbostratus
Masking the content of an XML request in the ASM logs
One of our client's applications receives XML requests that include a sensitive parameter, which we shouldn't log. Let's call it "< pin >".
I've read that the XML Profile allows me to mask data by defining an element or an attribute as sensitive. So I have tried masking the < pin > element with both the options "Any Namespace" and "No Namespace" selected. But I still haven't been able to mask the pin.
After examining the requests I've noted that some elements, including < pin > are located inside a CDATA tag.
Have you encountered something similar before? The XML structure looks a bit like this: