VAL-PER (algs CI_PER-SSN And CI_PER-EIN) Writing Sensitive Data To Msg_log And Threadpoolworker Log (Doc ID 2280977.1)

Last updated on SEPTEMBER 28, 2022

Applies to:

Symptoms

VAL-PER (algs CI_PER-SSN and CI_PER-EIN) writing sensitive data to msg_log and threadpoolworker log

During successive iterations of conversion rehearsals, it was found that when certain WARNING messages were encountered during the running of conversion batch_cd VAL-PER (CIPVPERB), the base algorithms being called as part of the formatting validation of social security numbers (SSN) or employee ID numbers (EIN) would write the actual SSN or EIN involved in the WARNING event to the threadpoolworker logs and to CI_MSG_LOGPARM as part of the normal routine of processing the WARNING.

SSN (or EIN) is then fully visible in plain text in the threadpoolworker log and via TOAD or SQLDeveloper when querying CI_MSG_LOGPARM. While these methods and log files are restricted to most general user populations, and the batch process responsible is run only up to and one time after conversion/cutover, it is preferred that the SSN (or EIN) not be written out at all as part of the WARNING event - or written out fully masked in both the threadpoolworker logs and via direct access to the database table(s).

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.