We are using the service module to handle credit card payment. We used the service log for all the service request and response.

There are something in the log that we want to have them removed or replaced. Those like the credit card number and cvv numbers are not safe to be in the log.

Like bellow:
HTTP Request Data {"transaction_type":"paypal_wpp","billing_info":{"commerce_customer_address":{"name_line":"xxxxx xxxxxxx","thoroughfare":"456 warden avenue","premise":"apartment 1342","locality":"Toronto","country":"CA","postal_code":"m3u3c3","administrative_area":"ON"}},"credit_card_info":{"card_type":"visa","acct":"4111111111111111","expdate":"092017","cvv2":"223"}}

We want change them to:
HTTP Request Data {"transaction_type":"paypal_wpp","billing_info":{"commerce_customer_address":{"name_line":"xxxxx xxxxxxx","thoroughfare":"123 warden avenue","premise":"apartment 1342","locality":"Toronto","country":"CA","postal_code":"m3u3c3","administrative_area":"ON"}},"credit_card_info":{"card_type":"XXXX","acct":"XXXXXXXXXXXXXXXX","expdate":"XXXXXX","cvv2":"XXX"}}

I have created a patch with module_invoke_all. With this patch, other modules are able to implement the hook and clean those sensitive data.

CommentFileSizeAuthor
sensitive_data_hook_added.patch478 byteswuinfo - Bill Wu
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

wuinfo - Bill Wu’s picture

Priority: Critical » Major
Derimagia’s picture

Priority: Major » Critical

Agreed that this needs to be done. The hard part is decoding it properly for the hook. I've gotten this working for JSON and application/x-www-form-urlencoded on a projet I've been working on, but I feel like it can be more generic by calling service's functions.