Obfuscating client data in the database
You have the option to obfuscate certain sensitive client information before it is stored in the database. The purpose of this feature is to ensure that information that could identify individual clients can only be accessed by authenticated and authorized users of the application. That is, neither administrators of the application’s technical environment nor anyone who obtains a database backup would be able to access the sensitive information.
Sensitive client data is obfuscated using a simple substitution cipher. This approach was selected to maintain the usability of the system: users can still search and filter all data, even when it is obfuscated in the database.
Obfuscation is only applied to fields that might contain sensitive client information, including contact’s name, external ID and address, portfolio’s email, profile data, and user information, such as first name, last name and email address.
Obfuscation is limited to upper- and lower-case Latin characters, numbers, and the most common Scandinavian characters. Other characters, for example Cyrillic and Arabic, are not obfuscated but stored in the database as they are.
Obfuscating certain client data in the database is available from FA 3.6 onward. Obfuscation is enabled on the application level and requires certain preparations before it can be taken into use. If you are interested in this feature, contact FA for more details.
Encrypted characters
A simple substitution cipher is used for obfuscating the data.
The set of characters to encrypt is limited to:
Upper- and lowercase Latin characters (a-z, A-Z).
Numbers (0-9).
Scandinavian characters ÅåÄäÖöÆæØø.
Any other characters besides these are not encrypted. For example, Cyrillic or Arabic characters will remain as is.
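The following added example (not FA's code) shows a substitution cipher over the character set listed above, and why searching still works: the search term is obfuscated with the same mapping and matched against the stored values. The seeded shuffle used to build the mapping, the secret and the sample names are assumptions made for the demonstration; the page does not describe how the real mapping is generated.

```python
import random

# Character set the page lists as covered by the obfuscation.
ALPHABET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    "ÅåÄäÖöÆæØø"
)


def build_tables(secret):
    """Return (encode, decode) translation tables for a permutation of ALPHABET.

    Assumption: the permutation comes from a seeded shuffle. This only serves
    the demo; the real mapping is not documented on the page.
    """
    shuffled = list(ALPHABET)
    random.Random(secret).shuffle(shuffled)
    permuted = "".join(shuffled)
    return str.maketrans(ALPHABET, permuted), str.maketrans(permuted, ALPHABET)


def obfuscate(text, encode):
    # Characters outside ALPHABET have no table entry and pass through unchanged.
    return text.translate(encode)


def search(rows, term, encode):
    """Substring search over stored values by obfuscating the search term."""
    needle = obfuscate(term, encode)
    return [row for row in rows if needle in row]


ENCODE, DECODE = build_tables("constructed-demo-secret")
# Constructed sample values standing in for pm2_contact.name.
NAMES = ["Åsa Öberg", "Anna Berg", "Иван Петров", "Bergström AB 42"]
STORED = [obfuscate(name, ENCODE) for name in NAMES]

if __name__ == "__main__":
    for plain, stored in zip(NAMES, STORED):
        print(f"{plain!r:20} -> {stored!r}")
    hits = search(STORED, "Berg", ENCODE)
    print([hit.translate(DECODE) for hit in hits])
```

Because the mapping is one-to-one per character, equal plaintext values produce equal stored values, and length and character positions are preserved. That property is what makes search and filtering work, and it is also why this is obfuscation rather than encryption.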
Fields
The following fields in the following entities / database tables are obfuscated:
Contact – Database table: pm2_contact
Field name | Database column |
---|---|
name | name |
externalId | external_id |
profileData | profile_data |
representativeNamesString | contact_rep_names |
Address – Database table: pm2_address
Field name | Database column |
---|---|
name | name |
address1 | address1 |
address2 | address2 |
zipCode | zipCode |
city | city |
country | country |
phone1 | phone1 |
phone2 | phone2 |
fax | fax |
Portfolio – Database table: pm2_portfolio
Field name | Database column |
---|---|
emailAddresses | email_addresses |
assetManagersString | pf_asset_managers |
contactsString | pf_contacts |
reportContactsString | pf_report_contacts |
ProfileAttribute2 – Database table: pm2_profile2_attribute
Field name | Database column |
---|---|
stringValue | string_value |
User – Database table: pm2_user
Field name | Database column |
---|---|
firstName | first_name |
lastName | last_name |
Revision info – Database table: revision_info
Field name | Database column |
---|---|
userEmail | user_email |
Other fields. In addition to the fields above, the following VO table fields also indirectly end up encrypted when the VO table is populated / updated:
Database table: pm2_transaction_vo
Database column |
---|
contact_address1 |
contact_address2 |
contact_city |
contact_email |
contact_ext_id |
contact_name |
contact_primary_address |
contact_phone1 |
contact_phone2 |
contact_post_code |
pf_asset_manager_names |
pf_asset_managers |
pf_contact_names |
Database table: pm2_customer_portfolio_search
Database column |
---|
asset_manager_or_representative |
contact_name |
name |
order_string |