Question
Accenture Technology Services
IN
Last activity: 31 May 2017 0:43 EDT
Suppress Alerts Configuration
Hi - I would like to know how the below setting works. I know this is for suppressing sensitive customer information, but how will Pega identify the particular field? Is it through any particular property type?
<env name="alerts/suppressalerts" value="true" />
Accepted Solution
Pegasystems Inc.
US
It is now confirmed. The DSS "alerts/suppressalerts" is non-functional (at least as far back as Pega 7.1.6 and forward).
The "suppressInserts" is the DSS you want to try.
If the DSS name="alerts/database/operationTimeThreshold/suppressInserts" value="true" setting is in the prconfig.xml file or a Dynamic System Setting, verify that it is set to true. (This is the default, so if the setting is not present, it is automatically true.) Alerts contain SQL statements; in these statements, parameterized values could contain sensitive data (such as property values for customer account numbers or Social Security numbers). This setting ensures that these parameterized values do not appear in the Alert log.
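An added example, not part of the original answer or Pega's own tooling: a small Python audit of a prconfig.xml for the two settings discussed in this thread. The sample file contents and the function name `audit_prconfig` are constructed for illustration, the case-insensitive name match is an assumption, and a Dynamic System Setting stored outside prconfig.xml is not checked.

```python
import xml.etree.ElementTree as ET

SUPPRESS_INSERTS = "alerts/database/operationTimeThreshold/suppressInserts"
NON_FUNCTIONAL = "alerts/suppressalerts"  # reported non-functional in this thread

# Constructed sample prconfig.xml content (not from a real system).
SAMPLE_PRCONFIG = """<pegarules>
  <env name="alerts/suppressalerts" value="true" />
  <env name="alerts/database/operationtimethreshold/suppressInserts" value="false" />
</pegarules>"""


def audit_prconfig(xml_text):
    """Return (severity, message) findings about alert-log value suppression."""
    root = ET.fromstring(xml_text)
    # Assumption: setting names are matched case-insensitively, because the
    # thread spells the key both operationTimeThreshold and operationtimethreshold.
    settings = {}
    for env in root.iter("env"):
        name = env.get("name", "").strip().lower()
        settings[name] = env.get("value", "").strip().lower()

    findings = []
    if NON_FUNCTIONAL in settings:
        findings.append(("WARN", NON_FUNCTIONAL + " is present but has no "
                         "effect; do not rely on it to hide sensitive values"))

    value = settings.get(SUPPRESS_INSERTS.lower())
    if value is None:
        # Per the thread, an absent setting defaults to true.
        findings.append(("OK", "suppressInserts not set; default is true"))
    elif value == "true":
        findings.append(("OK", "suppressInserts explicitly set to true"))
    else:
        findings.append(("FAIL", "suppressInserts is '" + value + "'; "
                         "parameterized SQL values may reach the Alert log"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_prconfig(SAMPLE_PRCONFIG):
        print(severity + ": " + message)
```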
Pegasystems Inc.
US
Please see reference here - https://pdn.pega.com/security-checklist-pega-7-platform-applications/security-checklist-pega-7-platform-applications
There is an ongoing internal discussion on the pros/cons of this - I will keep you posted. The only thing I can add here is a developer's comment that this alert does not appear to be triggered in core engine code.
Also from that discussion
"The only other thing I can think of is:
"alerts/database/operationtimethreshold/suppressInserts"
This keeps us from showing insert statements in the database alerts.
By default this is already set to the more secure value that suppresses the insert values."
Accenture Technology Services
IN
Hi Paul - Thanks. Please keep us posted on this, this is interesting. Agreed with the insert bit, that's good data to hide, especially in situations where clients are paranoid/strict with data security.
Pegasystems Inc.
US
No significant updates, yet. By the way, what version of Pega are you on?
Accenture Technology Services
IN
Hi - It's 7.2.1
Accenture Technology Services
IN
Thanks Paul for the update. Yes, for the other DSS I have already advised it that way for production.