We are using the service module to handle credit card payment. We used the service log for all the service request and response.
There are something in the log that we want to have them removed or replaced. Those like the credit card number and cvv numbers are not safe to be in the log.
Like bellow:
HTTP Request Data {"transaction_type":"paypal_wpp","billing_info":{"commerce_customer_address":{"name_line":"xxxxx xxxxxxx","thoroughfare":"456 warden avenue","premise":"apartment 1342","locality":"Toronto","country":"CA","postal_code":"m3u3c3","administrative_area":"ON"}},"credit_card_info":{"card_type":"visa","acct":"4111111111111111","expdate":"092017","cvv2":"223"}}
We want change them to:
HTTP Request Data {"transaction_type":"paypal_wpp","billing_info":{"commerce_customer_address":{"name_line":"xxxxx xxxxxxx","thoroughfare":"123 warden avenue","premise":"apartment 1342","locality":"Toronto","country":"CA","postal_code":"m3u3c3","administrative_area":"ON"}},"credit_card_info":{"card_type":"XXXX","acct":"XXXXXXXXXXXXXXXX","expdate":"XXXXXX","cvv2":"XXX"}}
I have created a patch with module_invoke_all. With this patch, other modules are able to implement the hook and clean those sensitive data.
Comment | File | Size | Author |
---|---|---|---|
sensitive_data_hook_added.patch | 478 bytes | wuinfo - Bill Wu |
Comments
Comment #1
wuinfo - Bill Wu CreditAttribution: wuinfo - Bill Wu commentedComment #2
Derimagia CreditAttribution: Derimagia as a volunteer and at Mindgrub Technologies commentedAgreed that this needs to be done. The hard part is decoding it properly for the hook. I've gotten this working for JSON and application/x-www-form-urlencoded on a projet I've been working on, but I feel like it can be more generic by calling service's functions.