VAL-PER (algs CI_PER-SSN And CI_PER-EIN) Writing Sensitive Data To Msg_log And Threadpoolworker Log (Doc ID 2280977.1)

Last updated on JULY 03, 2017

Applies to:

Oracle Utilities Customer Care and Billing - Version 2.5.0.2.0 to 2.5.0.2.0 [Release 2.5]
Information in this document applies to any platform.

Symptoms

VAL-PER (algs CI_PER-SSN and CI_PER-EIN) writing sensitive data to msg_log and threadpoolworker log

During successive iterations of conversion rehearsals, it was found that when certain WARNING messages were encountered during the running of conversion batch_cd VAL-PER (CIPVPERB), the base algorithms being called as part of the formatting validation of social security numbers (SSN) or employee ID numbers (EIN) would write the actual SSN or EIN involved in the WARNING event to the threadpoolworker logs and to CI_MSG_LOGPARM as part of the normal routine of processing the WARNING.

SSN (or EIN) is then fully visible in plain text in the threadpoolworker log and via TOAD or SQLDeveloper when querying CI_MSG_LOGPARM. While these methods and log files are restricted to most general user populations, and the batch process responsible is run only up to and one time after conversion/cutover, it is preferred that the SSN (or EIN) not be written out at all as part of the WARNING event - or written out fully masked in both the threadpoolworker logs and via direct access to the database table(s).

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms