Security
The agent communicates with FusionReactor's services over HTTPS, but may fall back to HTTP for license activation if HTTPS fails.
This fallback can be disabled by setting the following system property:
-Dfr.license.http.fallback=false
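To confirm the fallback is off on every instance, the JVM arguments can be audited for this property. The Python check below is an added example, not FusionReactor code. It assumes that the last `-D` for a name wins and that only the literal value `false` shown above counts as disabled; the instance names and argument strings are constructed.

```python
import shlex

# Property name and value as given on this page.
PROP = "fr.license.http.fallback"
FLAG = "-D" + PROP


def fallback_state(jvm_args: str) -> str:
    """Classify a JVM argument string.

    'disabled'     -> property set to the literal value false
    'default'      -> property absent, so the HTTP fallback stays possible
    'not-disabled' -> property present with any other value
    """
    value = None
    # shlex strips shell quoting and drops '#' comments found in option files.
    for token in shlex.split(jvm_args, comments=True):
        if token == FLAG:
            value = ""                      # -Dname given with no value
        elif token.startswith(FLAG + "="):
            value = token[len(FLAG) + 1:]   # a later -D overrides an earlier one (assumed)
    if value is None:
        return "default"
    return "disabled" if value == "false" else "not-disabled"


def audit(configs: dict) -> dict:
    """Map each instance name to its fallback state."""
    return {name: fallback_state(args) for name, args in configs.items()}


# Constructed sample argument strings (instance names are hypothetical).
SAMPLE = {
    "app-1": "-Xmx1g -Dfr.license.http.fallback=false",
    "app-2": "-Xmx1g",
    "app-3": "-Dfr.license.http.fallback=false -Dfr.license.http.fallback=true",
    "app-4": '# -Dfr.license.http.fallback=false\n"-Dfr.license.http.fallback=False"',
}

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```

Any instance reported as `default` or `not-disabled` can still send license activation traffic over HTTP when HTTPS fails.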
Sensitive Data
By default, the FusionReactor agent captures the following potentially sensitive data, which can be obfuscated in On-Prem FusionReactor and is obfuscated by default when sent to the Cloud:
- Request Parameters: The agent captures query parameters (but not form POST data).
- SQL: The agent sets SQL recording to obfuscated, which removes the potentially sensitive numeric and string literal values.
- IP address: The agent captures the remote IP address from which the WebRequest originated.
The following potentially sensitive data is captured but cannot be obfuscated at this time:
- JSON Capture: The JSON post and response data is captured as is and may contain potentially sensitive data. This feature can be disabled here.
- Query Plans: When enabled, FusionReactor will automatically run the query plan and explain commands to find out why Mongo queries and SQL statements took so long. This data cannot be obfuscated and is not enabled by default.
- Decompiler: When viewing stack traces, profilers, and in other locations, the user can decompile the relevant classes. Decompiled code can expose potentially sensitive constants such as API keys.
- Event Snapshot and Debugger: These cannot be obfuscated and may contain sensitive information. The Debugger has access to any and all variables and constants in the running application. You can disable the Event Snapshot feature or the whole Debugger. See Debugger Settings.