VAL-PER (algs CI_PER-SSN And CI_PER-EIN) Writing Sensitive Data To Msg_log And Threadpoolworker Log
(Doc ID 2280977.1)
Last updated on SEPTEMBER 28, 2022
Oracle Utilities Customer Care and Billing - Version 126.96.36.199.0 to 188.8.131.52.0 [Release 2.5 to 2.6] Information in this document applies to any platform.
VAL-PER (algs CI_PER-SSN and CI_PER-EIN) writing sensitive data to msg_log and threadpoolworker log
During successive iterations of conversion rehearsals, it was found that when certain WARNING messages were encountered during the running of conversion batch_cd VAL-PER (CIPVPERB), the base algorithms being called as part of the formatting validation of social security numbers (SSN) or employee ID numbers (EIN) would write the actual SSN or EIN involved in the WARNING event to the threadpoolworker logs and to CI_MSG_LOGPARM as part of the normal routine of processing the WARNING.
SSN (or EIN) is then fully visible in plain text in the threadpoolworker log and via TOAD or SQLDeveloper when querying CI_MSG_LOGPARM. While these methods and log files are restricted to most general user populations, and the batch process responsible is run only up to and one time after conversion/cutover, it is preferred that the SSN (or EIN) not be written out at all as part of the WARNING event - or written out fully masked in both the threadpoolworker logs and via direct access to the database table(s).
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!