Article ID: 124402, created on Feb 6, 2015, last review on Feb 6, 2015

Applies to: Business Automation 5.5

Question

During PlaceOrderAndAuthorize_API execution, the password and the customer's credit card number can be seen in plain text in the PBA logs, and the XXX prefix, which is the suggested way to avoid logging sensitive data, is not removed from the actual password/card number. For example, the following fields are used to pass the account's login and password:

              <value>LoginID=test</value>
              <value>PasswordID=XXXtest</value>

As a result, a user with login test and password XXXtest is created. The XXXtest value can be seen in plain text in the logs.

How can logging of the password/card number be avoided, and how can PBA be made to remove the XXX prefix?

Answer

The correct format for the password field is the following:

              <value>LoginID=test</value>
              <value>XXXPasswordID=test</value>

For a credit card:

              <value>XXXCardNumberID=4111111111111111</value>

So the XXX prefix should be at the very beginning of the field, that is, before the field name rather than before the value.

There is a bug, PBA-61549, for the incorrect example provided in the PBA API guide.
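
The following pre-flight check is an added example, not part of the original article or of PBA itself. It audits a request for parameters that carry the XXX prefix on the value instead of the field name, or that look sensitive and have no prefix at all. It assumes the `<value>Name=Value</value>` form shown above; the list of sensitive name hints, the Luhn-based card number heuristic and all function names are assumptions made for illustration.

```python
import re

# Assumption: parameters appear as <value>Name=Value</value>, as in the article.
VALUE_RE = re.compile(r"<value>\s*([^=<\s]+)=(.*?)\s*</value>", re.S)
# Assumption: name fragments treated as sensitive; extend for your deployment.
SENSITIVE_HINTS = ("password", "cardnumber")
PREFIX = "XXX"


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    """Heuristic: 13-19 digits (spaces/dashes allowed) that pass Luhn."""
    compact = re.sub(r"[ -]", "", value)
    return compact.isdigit() and 13 <= len(compact) <= 19 and luhn_ok(compact)


def audit(request_xml: str):
    """Return (name, finding) for each parameter not in the prefixed-name format."""
    findings = []
    for name, value in VALUE_RE.findall(request_xml):
        if name.startswith(PREFIX):
            continue  # prefix on the field name: the format the article gives as correct
        if value.startswith(PREFIX):
            findings.append((name, "prefix-on-value"))
        elif any(h in name.lower() for h in SENSITIVE_HINTS) or looks_like_pan(value):
            findings.append((name, "sensitive-no-prefix"))
    return findings


# Constructed sample input, modelled on the article's snippets.
SAMPLE = """
<value>LoginID=test</value>
<value>PasswordID=XXXtest</value>
<value>XXXCardNumberID=4111111111111111</value>
<value>CardNumberID=4111111111111111</value>
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Running such a check in the integration layer before the API call catches the misplaced prefix from the Question section before the value reaches the logs.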

Search Words

XXX, prefix, sensitive, password, logs, credit card number, PlaceOrderAndAuthorize
