问题描述
MSDN讨论了信用卡信息的处理方式在跟踪过程中被意外记录.但是同一篇文章解释说,不会记录已知"个人身份信息.
MSDN talks about how credit card information could accidentally be logged during traces. But that same article explains that "known" Personally Identifiable Information is not logged.
我想知道的是,是否有一种方法可以将DataContract成员标记为PII,以利用.net内置的功能从跟踪和日志中滤除PII?我认为答案是否",因为我怀疑本文引用的用户名和密码是身份验证步骤的一部分,而不是身份验证之后的数据合同的一部分.
What I'd like to know is if there is a way to 'flag' members of a DataContract as PII, to take advantage of the .net built-on capability of filtering out PII from traces and logs? I'm thinking the answer is "no," because the user names and passwords the article references I suspect are part of authentication steps, rather than part of data contracts that follow authentication.
即使如此,我是否可以使用任何内置的.net属性来注释数据协定或可序列化的类成员,这意味着嘿,这是一个对安全敏感的属性,请当心!"
Even so, is there any kind of built-in .net attribute I can annotate a Data Contract or serializeable class members with, which means "hey, this is a security sensitive attribute, beware!"
推荐答案
我收到了以下博客,该博客解释了如何向数据协定中添加[PII]属性
I got the below blog that explains how to add [PII] attribute to data contract
这篇关于个人身份信息(PII),跟踪和消息记录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!