A place for community members to contribute product ideas and suggestions.

0 Votes

Ability to log HttpUtility calls without exposing sensitive information

Status: Accepted
by on ‎04-19-2016 10:20 AM

Right now, connection details logged from HttpUtility at the debug level include a great deal of useful information along with


- the api login and transaction key

- full dump of the xml request including unmasked credit card number, expiration date, etc.


Can we move the logging of these two items to a separately-configurable logger like "HttpUtility-sensitive"?


I'd like to see the api login and transaction key logging go away completely from the HttpUtility output.


ideally, I'd like to see the xml request filtered to not show any <payment> information beyond a generic  <creditCard> output.  (I suppose masked credit card number would be acceptable).


I think it would also be wise to not output <billTo> information nor <customer> information with the non-sensitive-data logger other than  <customer><id> even though this is not strictly required by PCI DSS.


We want to log when transactions occur with enough context to know what those transactions are without making our logs a security risk.


Status: Accepted
on ‎04-19-2016 10:57 AM

Here's a trivial implementation which only moves logging of both the request and the merchant authentication keys to a separate logger and makes no attempt to provide non-sensitive request logging.


by Administrator Administrator
on ‎09-02-2016 01:35 PM
Status changed to: Accepted
on ‎05-01-2020 04:09 AM

I like to read this blog very much going the online and play the amazing bejeweled 3 online best puzzle game to all people like it very much most of the players exited for this any time thanks a lot for update.

‎09-12-2021 03:48 AM - edited ‎09-12-2021 03:56 AM

This is impressive guidance I read it and it gives me some knowledge about it. You shoild visit angry birds apk to download its apk mod and also there are so mnay other game mods are available.