Discussion

73
Views
SuryaMokka Member since 2018 16 posts
Apple Inc
Posted: 1 year ago
Last activity: 1 year 8 months ago
Closed

Security - Users/Hackers are able to get the active connection list using PRTraceServlet URL

We don't want to disable the PRTraceServlet URL as it is one of the important tool to trace critical issues in higher envs.

Users are trying to hit this URL to get the connection list

/prweb/PRTraceServlet?pzDebugRequest=GetConnectionList

Is there any way to restrict this URL only to developers?

Thanks

Pega Academy
Moderation Team has archived post
Share this page LinkedIn