APM .NET Agent password in Backend
search cancel

APM .NET Agent password in Backend


Article ID: 190175


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management


When monitoring a .NET application, the app owner expressed concerns that sensitive data is visible to the APM users in the Investigator and requested that such information not be recorded.
Specifically that the username and password used to connect to a database instance is shown as part of a metric name, for example:

      Backends| on -3306 user <username>;password <password> 




Release : 10.7.0

Component : APM Agents


The application makes a connection to MySQL and documented connection information puts the username and password as part of the connection string, for example


It appears that the whole connection string is processed as the database name so the username and password are posted as metrics


A workaround was supplied to change the reference in the pbds so it would hard-code the database name.
The update was required in both sqlagent.pbd and errors.pbd

Essentially, all references to {database} were replaced by a selected DB name. For example to fix a name of MyDB you would change the lines


     TraceOneMethodIfFlagged: SQLAgentConnections Open SqlMethodTraceIncrementor "Backends|{database}:Connection Count"


     TraceOneMethodIfFlagged: SQLAgentConnections Open SqlMethodTraceIncrementor "Backends|MyDB:Connection Count"

The limitation of this is that it will not report communications where there are multiple databases/datasources; everything will be collected under the name you choose.

The problem was not investigated further than this at this time.

Additional Information

Information from MySQL developer guides about .NET connection strings