In an ongoing effort to improve security around the data captured and reported via the Synthetic Monitoring Product suite, the below change is being rolled out to Appdynamics' Synthetics Cloud
Description: Currently, if you have Synthetic jobs that pass credentials to the website(your are monitoring) by embedding them in the URL (e.g. http://user:pass@site.com), then those credentials propagate to the resulting Synthetic Sessions and therefore are visible in the UI in plain text. Common industry security practice(s) classifies such clear text username / passwords as sensitive / confidential.
Change: In our upcoming 4.4.1 Synthetics Cloud deployment, we will begin to redact these credentials from Synthetic Sessions, and this data will no longer appear in the UI.
Impact to you: Depending on your EUM Page Naming rules, it's possible that some of your Pages currently include these credentials.
For example, if your synthetic job visited the page http://user:pass@site.com, you may have Pages named "user:pass@site.com". Because this change will strip out the credentials, data will subsequently be reported under just "site.com". This could impact you in two ways:
- If you were tracking metrics for that specific page, you will need to track the new page instead.
- If you have reached the limit for registered Pages (this is rare), you will need to remove the orphaned page before you'll see data for the new Page.
Should you have any questions regarding this change OR need help with the impact of this change to your monitoring framework, please contact AppDynamics Support at help@appdynamics.com
