An important requirement when it comes to website logging is the ability to remove or obscure sensitive user data. The EU Data Protection Directive defines personal data as “any information relating to an identified or identifiable natural person”. Passwords and social security numbers are obviously sensitive and should not be stored remotely. And depending on country and applicable law, you may not be allowed to store data such as IP addresses, names or other user-specific data in databases.

RootCause gives you total control over what data gets logged. If you’re short on time, we built a demo for you to check out.

Obfuscating User Input

Web applications usually contain at least a couple of input fields where users enter sensitive data. To obfuscate this input before it is logged, you can use the onBeforeLog method:

The beforeLog method is called with a single parameter, which is an object containing all the data of the user session. In this object we can access and process user actions, console activity and Ajax request information before the data is sent to the server. In the sample above we simply replace all alphanumeric characters with X. You can see the effect in this video where an error session is played back.

Please note that manipulating what the user typed might obstruct the playback for a user session, depending on your application logic.
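The masking step described above, as an added example that is not RootCause's own code: a function of this kind could be supplied as the onBeforeLog callback. The session object shape (`actions`, `ajax`, the `type`/`value` fields) and the key pattern are assumptions made for illustration, since the real data format is not shown on this page.

```javascript
// Hypothetical key names treated as sensitive wherever they occur in the data.
const SENSITIVE_KEY = /pass|ssn|card|cvv|token|secret/i;

// Replace every letter and digit with "X". \p{L}/\p{N} cover all scripts, so
// non-ASCII letters are masked too (a plain [a-z0-9] pattern would leak them).
// Length and punctuation are kept so the masked value retains its shape.
function maskValue(value) {
  return String(value).replace(/[\p{L}\p{N}]/gu, 'X');
}

// Walk the session data in place. Strings and numbers are masked when they sit
// under a sensitive key, or when they are the value of a typed-input action.
function maskSessionData(node, sensitive = false) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => { node[i] = maskSessionData(item, sensitive); });
    return node;
  }
  if (node !== null && typeof node === 'object') {
    const typed = node.type === 'type'; // assumed marker for keyboard input
    for (const key of Object.keys(node)) {
      const hide = sensitive || SENSITIVE_KEY.test(key) || (typed && key === 'value');
      node[key] = maskSessionData(node[key], hide);
    }
    return node;
  }
  if (sensitive && (typeof node === 'string' || typeof node === 'number')) {
    return maskValue(node);
  }
  return node;
}

// Constructed sample session data (not real RootCause output).
const sample = {
  actions: [
    { type: 'click', target: '#login' },
    { type: 'type', target: '#name', value: 'Zo\u00eb M\u00fcller-42' },
  ],
  ajax: [{ url: '/api/login', body: { user: 'zoe', password: 'p@ss-W\u00f6rd1' } }],
};
maskSessionData(sample);
console.log(JSON.stringify(sample, null, 2));
```

Because values are masked rather than removed, the recorded actions keep their order and length, which limits the playback side effects mentioned above.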

Hiding Data In Screenshots

Before a screenshot is captured by RootCause, it gives you the option to hide sensitive DOM elements such as password fields and credit card number inputs. You can configure this behavior in two ways. The easiest way is to provide a CSS selector targeting your sensitive elements using the blackoutSelector.

The second option is to use the onBeforeScreenshot and onAfterScreenshot methods to prepare the DOM for the screenshot. Simple example below:

On-premises – Run RootCause on your own private server

Sometimes, even the measures described above aren’t enough. Some countries don’t allow user data to be stored outside their borders. For this scenario we provide an on-premises version allowing you to run your own local installation of RootCause. To get more information and a free trial, please send us a message and we’ll assist you as soon as we can.
