Security and Privacy Concerns in Tracker
Since logged service invocations may log data necessary for data mining, troubleshooting, and report generation, it might raise some security concerns as the stored data may contain sensitive information such as credit card numbers, social security numbers, or any other personal information.
To ensure that access to such data is limited, only Marketplace users and
Martini users under the ESBAPIAdminGroup
are permitted to access the data. To fetch
Tracker documents, users of any of these types may use the
REST API. Additionally, Marketplace users (but not Martini users) can also
view the documents via the Tracker UI.
To avoid any privacy breach you can:
- Turn off the Tracker logging feature to avoid any sensitive data being persisted in the database.
- Mask all sensitive data before data gets into the Tracker database.
- Selectively choose whether to persist inbound, outbound, or both inbound and outbound data in the Tracker database.