Security and transaction traces

New Relic APM transaction traces collect detailed data about your application's transactions. Because they collect detailed data from your app, transaction traces can be a potential security concern. This document explains how to configure transaction traces for your data security needs.

Access to this feature depends on your subscription level.

Database queries

The database query types collected by transaction traces vary by New Relic language agent. Query collection is a potential security concern because queries can contain sensitive values.

You can customize database query collection with three different security settings:

  • Obfuscated: This is the default value. This setting strips string literals and numeric sequences from your queries and replaces them with the ? character. For example, the query select * from table where ssn='123-45-6789' would become select * from table where ssn=?.
  • Off: Query collection is turned off entirely.
  • Raw: If you are confident that full query data collection will not impact your data security, you can change the setting to Raw, which will record all query values.

You can edit database query collection with the Record SQL setting, explained in Configure transaction traces.
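
The following is an added example, not New Relic agent code: it approximates the Obfuscated behavior described above and uses the same pattern to flag recorded queries that still carry literal values, as they would under Raw. The regex, the function names and the sample queries are assumptions constructed for illustration.

```python
import re

# Approximates the "Obfuscated" setting described above. Assumption: this regex
# is illustrative and is not the pattern any New Relic agent actually uses.
_LITERAL = re.compile(
    r"""
      '(?:[^'\\]|\\.|'')*'            # single-quoted string, allowing \' and ''
    | "(?:[^"\\]|\\.|"")*"            # double-quoted text, treated as a literal to be conservative
    | (?<![\w.$])\d+(?:\.\d+)?(?!\w)  # numeric sequence, not part of a name or a $1 placeholder
    """,
    re.VERBOSE,
)


def obfuscate(sql: str) -> str:
    """Replace every string literal and numeric sequence with '?'."""
    return _LITERAL.sub("?", sql)


def find_literals(sql: str) -> list:
    """Return the literal values still present in a recorded query."""
    return [m.group(0) for m in _LITERAL.finditer(sql)]


def audit_queries(queries) -> dict:
    """Map the index of each query that still contains literals to those literals."""
    findings = {}
    for index, sql in enumerate(queries):
        literals = find_literals(sql)
        if literals:
            findings[index] = literals
    return findings


# Constructed sample of queries as they might appear in exported trace data.
SAMPLE_TRACE_QUERIES = [
    "select * from table where ssn=?",
    "select * from table where ssn='123-45-6789'",
    "UPDATE accounts2 SET balance = 10.50 WHERE owner = 'O''Brien'",
    "SELECT id FROM orders WHERE customer_id = $1",
]

if __name__ == "__main__":
    for index, literals in audit_queries(SAMPLE_TRACE_QUERIES).items():
        print(f"query {index} exposes {len(literals)} literal(s); "
              f"obfuscated form: {obfuscate(SAMPLE_TRACE_QUERIES[index])}")
```

The report prints only the count and the obfuscated form, so running the check does not copy the sensitive values into another log.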

HTTP request attributes and parameters

Collecting HTTP request data can expose potentially sensitive data. New Relic refers to the key/value data collected during an HTTP request as "attributes". By default, the collection of attributes is limited to only basic HTTP information that is not a source of sensitive data (for example, response code and host); these are part of the group of basic attributes that New Relic refers to as agent attributes.

For data security reasons, the collection of other attributes, including user-specific parameters, is disabled by default. For information on how to enable/disable the collection of specific HTTP attributes and custom attributes, see Configure transaction traces.

High security mode

New Relic's default settings, described in this document, provide a high level of security. To force the most secure settings for all the applications in your account, you can use high security mode. This mode ensures that, no matter how your admins and users configure your account, the most secure settings are forced and cannot be overridden. For more information, see High security mode.
