Jump to: navigation, search

hide-sensitive-data

Section: TServer
Default Value: true
Valid Values: true, false
Changes Take Effect: Immediately on the T-Server side and after restart on the Connector side


When set to true, sensitive customer data is hidden in log files of T-Server and Connector in the following attributes: AttributeCollectedDigits, AttributeLastDigit, AttributeDTMFDigits, and AttributeTreatmentParms. In CTI link messages, sensitive data is hidden in Data and Treatment-Params headers.

Hiding Sensitive Data

T-Server and Connector for Skype for Business components can print customer sensitive information in log files in:

  • CTI link messages (both components)
  • T-Library messaging (T-Server component)
  • Specific debug information added for troubleshooting

The sensitive content includes:

  • User Data in T-Events
  • Content of Collected Digits
  • Instant messages
  • Treatment prompts

T-Library messaging

The option that controls whether potentially sensitive data is printed in the T-Server log file is hide-sensitive-data, which is configured in the [TServer] section of the T-Server Application. The default value of this option is true, meaning that the following sensitive data will be hidden in the T-Server log file:

  • AttributeCollectedDigits, AttributeLastDigit, AttributeDTMFDigits, AttributeTreatmentParms will be hidden in T-Library requests and events.
  • The headers “Data” and “Treatment-Params” will be hidden in CTI link messages. Instead of printing the actual data transmitted between T-Server and Connector, the log file will contain a string: **** (length:nn), where nn is the length of the original data.

This feature can be disabled by setting the option value to false.

CTI Message Headers

The CTI messages used by T-Server and Connector contain various Microsoft Lync TServer Protocol (MLTP) message headers. The Connector can be configured with a list of MLTP message headers that might contain potentially sensitive data and should not be printed in the log file. Instead of printing the actual data transmitted between T-Server and Connector, the log file will contain a string: **** (length:nn), where nn is the length of the original data.

To hide message headers, in the Annex tab of the Switch configuration object, in the [log] section, set the hide-header option to a comma-separated list of MLTP message headers that must not be printed in the log file.

For example:
 
[mslync] handle MLTP message
PARTY_CREATED * MLTP/1.0
media: voice
from: sip:user1@domain.com
to: sip:user21@domain.com
party-state: ALERTING


If hide-header=media,from,to,party-state, the following would be printed instead in the log file:

[mslync] handle MLTP message
PARTY_CREATED * MLTP/1.0
media: **** (length:5)
from: **** (length:21)
to: **** (length:21)
party-state: **** (length:8)

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on 4 April 2018, at 15:50.