jPOS-EE has a very handy transaction participant called “Debug” its main purpose is to dump the contents of the jPOS’s Context. While this is very helpful in test modes and during development – The context remains “un-protected” and all of the data remains in the clear. Even the ProtectedLogListener and FSDProtectedLogListener will not protect data in the context.
Enter the ProtectDebugInfo Transaction Participant a configurable implementation I wrote based on some of Alejandro’s ideas, and one that lives in most of OLS’s payment products in various specific iterations.
It’s configuration looks like:
Protecting your q2.log in this truncated example:
<entry key=‘FSDMESSAGE’>
<fsdmsg schema=‘file:cfg/fsd-base’>
account-number: ‘599999______0001′
</fsdmsg>
</entry>
<entry key=‘PAN’>599999______0001</entry>
<entry key=‘RESPONSE’>
<isomsg direction=“incoming”>
<field id=“0″ value=“2110″/>
<field id=“2″ value=“599999______0001″/>
<field id=“35″ value=“599999______0001=____________________”/>
</isomsg>
</entry>
<entry key=‘REQUEST’>
<isomsg direction=“incoming”>
<field id=“0″ value=“2100″/>
<field id=“2″ value=“599999______0001″/>
<field id=“35″ value=“599999______0001=____________________”/>
</isomsg>
</entry>
Possibly Related Posts (automatically generated):
