Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Logging PID (Personally Identifiable data in the logs)

Review all the log statements at INFO, TRACE, WARN, ERROR level to make sure that sensitive customer information is not logged.

1
1
Posted 5 months ago
Votes Newest

Answers


During the development process, developers typically print Entity attributes, ValueObject contents at INFO level to track the execution flow. Invariably these log statements are never removed and get deployed in production. In many cases, the data being logged consists of PID (personally Identifiable) information .

Considering the increasing scrutiny of the regulatory authorities on data handling and data privacy, what seems like a minor logging issue can snowball into a major incident. Imagine, your PID info ( Name, DOB, Address, Credit Details ) being printed in the logs of your insurance company, for all the support personnel to view (and potentially misuse). Now you get the idea. Log any PID information at DEBUG LEVEL. In all other cases, log non-PID data such as Policy #, Claim #, Job # at any level.

  
  
Posted 5 months ago

Your answer

Attach file
Add
89 Views
1 Answer
5 months ago
5 months ago
Tags