Ensemble Message property protection/security

Ensemble

Hi,

Is it at all possible to protect certain properties / message fields that is sent via  Ensemble from within Ensemble.

Alternatively to mask it when displaying in the message view Body /Contents tabs.

We could send in the fields encrypted but I was hoping that we could just hide or mask the fields. 

Any ideas on this.

  • 0
  • 0
  • 148
  • 3
  • 1

Answers

There are several ways to do that. Let's say you have a persistent property

Property Problem As %String;

That you don't want anyone to see.

1. Make it private:

Property Problem As %String [ Private ];

It would not be displayed altogether

2. Add accessor methods:

Property Problem As %String;

Method ProblemGet() As %String [ ServerOnly = 1 ]
{
    Quit "****"
}

Method ProblemRealGet()
{
    Quit i%Problem2
}

Method ProblemSet(Arg As %String) As %Status [ ServerOnly = 1 ]
{
    Set i%Problem2 = Arg
    Quit $$$OK
}

This way default callers would get **** and only your app code can access the real value.

3. Do not project property to XML

Property Problem As %String(XMLPROJECTION = "none");

As ensemble message viewer is XML-based it would hide property from it.

4. Create a special datatype. For example MyApp.Datatype.Password datatype returns **** as Display and ODBC values:

Class MyApp.Datatype.Password Extends %String
{

ClassMethod LogicalToDisplay(%val As %String) As %String [ Internal ]
{
    q $case(%val,"":"",:"*****")
}

ClassMethod LogicalToOdbc(%val As %String) As %String [ Internal ]
{
    q $case(%val,"":"",:"*****")
}

}

To use it:

Property Problem As MyApp.Datatypes.Password;

5. Extract the property into a separate class and reference the object of that class.

These approaches could be combined.

Thank You Eduard, this will be very helpfull....

Comments

For the various compliance requirements to protect for instance  protection of personal information (POPI,HIPAA), financial cardholder data (PCI DSS) , etc.etc

As per requirements of all the different compliancies  applications need to adhere to , it is required that for example you protect personal information and only people with correct privileges can see the fields , lets say ID number or an bank card number,   etc.etc and if a person views this , there should be an audit trace of him viewing the data.

So for a start if you have operational people that administrate the Ensemble one would not want them to have access or be able to view this type of fields in the message in the views in ensemble. But thy need access to view the messages to do support 

For the rest of the system users one have an application that access the data and it is possible to hide/mask fields as per requirements in your application. So the application is no problem ,  but how do you implement this in ensemble