
If you happen to be operating a Jira-based support desk and want to reduce the risk of leaking customer data via HAR files, I took the HAR Scrubber that Cloudflare made and built a Jira plugin out of it:

https://marketplace.atlassian.com/apps/1232593/securely-for-...




Thanks for the pointer to that.

If anyone else is interested: https://github.com/cloudflare/har-sanitizer/blob/main/src/li... is the scrubbing logic for Cloudflare.

Unfortunately, this scrubber would be problematic for Okta staff (or staff for any other authentication provider support team) because when someone is having issues with logging in, you need to examine Authorization and other authentication headers and data.

So I think the best course is to:

* caution users to not send production data, but rather to set up a test system and share the HAR file from that

* make sure you do defense in depth and lock down access to support tickets

* remove HAR files from closed support tickets. Here's a Zendesk article about that: https://support.zendesk.com/hc/en-us/community/posts/6185912...
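An added example, not part of the thread and not Cloudflare's scrubbing logic: one way a HAR scrubber can stay useful for authentication debugging is to keep header names, auth schemes and JWT claims visible while removing anything replayable. It is narrowed to headers, cookie values and JWTs; the header list, the placeholders and `SAMPLE_HAR` are assumptions constructed for illustration.

```javascript
// Added example; header list, placeholders and SAMPLE_HAR are constructed for illustration.
const SENSITIVE_HEADERS = new Set([
  "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key",
]);
const JWT_RE = /\b(eyJ[A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)/g;

// Keep a JWT's header and claims readable, drop the signature so it cannot be replayed.
function stripJwtSignatures(text) {
  return String(text).replace(JWT_RE, "$1.$2.[SIGNATURE-REMOVED]");
}

function scrubHeaderValue(name, value) {
  const lower = name.toLowerCase();
  if (!SENSITIVE_HEADERS.has(lower)) return stripJwtSignatures(value);
  if (lower === "cookie" || lower === "set-cookie") return "[REDACTED]";
  // Keep the auth scheme ("Bearer", "Basic"): it is often what support needs to see.
  const [scheme, ...rest] = String(value).split(" ");
  const credential = rest.join(" ");
  if (!credential) return "[REDACTED]";
  const stripped = stripJwtSignatures(credential);
  return `${scheme} ${stripped !== credential ? stripped : "[REDACTED]"}`;
}

function scrubHar(har) {
  const out = JSON.parse(JSON.stringify(har)); // work on a copy, never the upload itself
  for (const entry of (out.log && out.log.entries) || []) {
    for (const msg of [entry.request, entry.response]) {
      if (!msg) continue;
      for (const h of msg.headers || []) h.value = scrubHeaderValue(h.name, h.value);
      for (const c of msg.cookies || []) c.value = "[REDACTED]";
    }
    const post = entry.request && entry.request.postData;
    if (post && post.text) post.text = stripJwtSignatures(post.text);
    const body = entry.response && entry.response.content;
    // Bodies stored with encoding "base64" are not decoded here, so tokens in them survive.
    if (body && body.text) body.text = stripJwtSignatures(body.text);
  }
  return out;
}

const SAMPLE_HAR = { log: { entries: [{
  request: {
    headers: [
      { name: "Authorization", value: "Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2lnbmF0dXJl" },
      { name: "Cookie", value: "sid=abc123" },
      { name: "Accept", value: "application/json" },
    ],
    cookies: [{ name: "sid", value: "abc123" }],
  },
  response: { headers: [], content: { text: "{}" } },
}] } };
```

JWT claims can themselves hold personal data, and this sketch does not touch passwords or codes carried in query strings or form parameters, so it complements the access controls and ticket clean-up listed above.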



