Vijayendra Shinde (Inactive)
added a comment - Hi Prasad Pise,
When you verified on Azure, a load test was in progress. During a load test we set encryption to false, due to which all parameters are shown in plain text.
Now on Azure parameters are encrypted.
Thanks,
Vijayendra
Prasad Pise (Inactive)
added a comment - edited - Hi Vijayendra Shinde,
I have observed some more URLs, listed below, which have parameters in plain English text. Could you please confirm?
1. All the URLs of 'SetPageTrackingValue'
Some Examples as follows :
https://preprod.workterra.net/Platform/PTHomePage/SetPageTrackingValue?PageName=Manage+Beneficiaries&URL=%2FBenAdmin%2FUserDetails%2FUserDetails%2FEmployeeBeneficiary&ProjectID=2&ModuleID=2&_=1515748444932
https://preprod.workterra.net/Platform/PTHomePage/SetPageTrackingValue?PageName=Initiate+Qualifying+Event&URL=%2FPlatform%2FUserDetails%2FUserDetails%2FInitiateQualifyingEvents&ProjectID=2&ModuleID=2&_=1515759719648
https://preprod.workterra.net/Platform/PTHomePage/SetPageTrackingValue?PageName=&URL=%2FBenAdmin%2FReport%2FReport%2FEnrollmentReport&ProjectID=2&ModuleID=2&_=1515760436680
2. URLs displayed on mouse hover. PFA screenshot.
3. View Paycheck URL
https://preprod.workterra.net/BenAdmin/UserDetails/UserDetails/ViewCompare?PaycheckID=232&ViewClick=1&Popup=1
4. Any Reports URL
https://preprod.workterra.net/Platform/Reserved.ReportViewerWebControl.axd?OpType=Resource&Version=11.0.2802.16&Name=ViewerScript
CC Rakesh Roy Samir Nidhi Kaul Satya Gaurav Sodani
Prasad Pise (Inactive)
added a comment - Hi Vijayendra Shinde,
As discussed, please refer to the following URL:
https://preprod.workterra.net/Platform/Customization/Customization/PreviewChangeApproval?CallFromPageID=8&EffectiveDate=3/1/2018%2012:00:00%20AM&IsFromConfigureChangeApproval=False&Popup=1 HTTP/1.1
Pratap Patil (Inactive)
added a comment - edited - Hello Prasad Pise,
As discussed with you and Vijayendra Shinde, changing the values of moduleId from the SetPageTrackingValue method will not break the security. We are not able to reproduce the Report point mentioned in the above comment. The remaining points below are fixed:
'PreviewChangeApproval' URL is corrected. In this URL the 'PopUp' parameter is not being used, so that one is not encrypted.
The URL on mouse-over from the screenshot is also corrected, but here the name of the module is not encrypted because it is used as Enum values, so changing the module name will not create any impact on the system.
'ViewPayCheck' URL is corrected.
These changes will be deployed in the next CodeMap build.
Thanks,
Pratap Patil
CC: Vijayendra Shinde , Sachin Hingole
Prasad Pise (Inactive)
added a comment - Hi Pratap Patil,
I am testing the fixed URLs; however, as discussed, could you please also check the following URLs?
1. PCP Pop up scenario
https://10.0.2.71/BenAdmin/UserDetails/UserDetails/PCPCodePopup?PlanDesignId=565&EffectiveDate=1/1/2018%2012:00:00%20AM&IsAlreadyEnrolled=&Popup=1
2. Edit/Update Employee Beneficiary request
https://10.0.2.71/BenAdmin/UserDetails/UserDetails/EmployeePlanBeneficiary?PlanDesignID=249&EffectiveDate=1/1/2018%2012:00:00%20AM&PlanName=Basic%20Life/%20AD%26D%20(Full%20Coverage%20-%20$500000)%20-%20Basic%20Life&ProviderLogo=/Assets/Images/Company/13680/Benefit%20Provider/Sun_Life_Financial_logo.jpg&IsSpousePrimaryBeneficiary=0&IsBeneficiaryRequired=1&UserAction=edit&PrimaryList=%5B%7B%22RelationshipId%22:%221~16965%22,%22Perecentage%22:%22100%22,%22BeneficiaryId%22:%2276513%22,%22MemberID%22:%2216965%22,%22RelationshipName%22:%22%22,%22SpouseRelationshipId%22:%221%22%7D%5D&PlanIndex=0&_=1519304457734
3. Add another relationship for beneficiary
https://10.0.2.71/BenAdmin/UserDetails/UserDetails/OtherBeneficiaryPV?RelationId=8&EffectiveDate=1/1/2018%2012:00:00%20AM&RelationName=Business%20Associate&Beneficiarytype=Primary&PlanId=249&Index=1&Popup=1
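For the kind of verification pass carried out in this thread, the following added example (not part of the ticket or of the application's code) reports which query parameters of a URL still carry readable values and what kind of data each one exposes. The host `app.example.test`, the sample tokens and the assumed shape of an encrypted value (a single base64url or hex token of 16 or more characters) are assumptions; the thread does not show the real ciphertext format.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: an encrypted value is one base64url/hex token, 16+ chars,
# mixing letters and digits. Adjust to the application's real format.
OPAQUE = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9_\-]{16,}={0,2}$")
DATE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4}( \d{1,2}:\d{2}:\d{2} [AP]M)?$")

# Constructed sample URLs modelled on the request shapes quoted in the thread.
SAMPLE_BEFORE = ("https://app.example.test/BenAdmin/UserDetails/UserDetails/"
                 "PCPCodePopup?PlanDesignId=565&EffectiveDate=1/1/2018%2012:00:00%20AM"
                 "&IsAlreadyEnrolled=&Popup=1")
SAMPLE_AFTER = ("https://app.example.test/BenAdmin/UserDetails/UserDetails/"
                "PCPCodePopup?PlanDesignId=q3Zx9LmT0aVbK2reHs8YwQ"
                "&EffectiveDate=Jf72kPd0Xr5uNc1mVb9TzA&IsAlreadyEnrolled=&Popup=1")

def classify(value):
    """Label a decoded parameter value by the kind of data it exposes."""
    if value == "":
        return "empty"
    if OPAQUE.match(value):
        return "opaque"
    if re.fullmatch(r"\d+", value):
        return "integer"          # record IDs, flags, timestamps
    if DATE.match(value):
        return "date"
    if value[0] in "[{":
        try:
            json.loads(value)
            return "json"         # serialized objects such as a beneficiary list
        except ValueError:
            pass
    if value.startswith("/"):
        return "path"
    return "text"

def audit_url(url, ignore=("_",)):
    """Return {parameter: kind} for every readable (non-opaque) parameter.

    `ignore` holds names accepted as plain text, e.g. the `_` cache-buster.
    """
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        kind = classify(value)
        if name not in ignore and kind not in ("opaque", "empty"):
            findings[name] = kind
    return findings
```

Parameters the team has agreed to leave unencrypted, such as the unused `Popup` flag, can be passed in `ignore` so that only unexpected plain-text values are reported.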
Komal Barde (Inactive)
added a comment - Hi Prasad Pise,
I have committed changes related to the pages below, and they will get deployed in the next build:
1. PCP Pop up scenario
2. Edit/Update Employee Beneficiary request
3. Add another relationship for beneficiary
Thanks,
Komal.
Prasad Pise (Inactive)
added a comment - Hi Komal Barde,
I have verified the fixes for the following changes on Codemap:
1. PCP Pop up scenario
2. Edit/Update Employee Beneficiary request
3. Add another relationship for beneficiary
I have observed the following issue:
On the Beneficiary page, the Relationship Name's encrypted value is getting displayed on the UI.
This issue occurs when an employee tries to Add/Edit the beneficiary from the employee beneficiary page.
PFA screenshot.
CC Vijayendra Shinde
Pratap Patil (Inactive)
added a comment - Hello Prasad Pise,
The beneficiary relationship name issue is fixed and deployed on CodeMap. Please verify it.
Thanks,
Pratap
Prasad Pise (Inactive)
added a comment - Hi Pratap Patil,
The beneficiary relationship name issue is resolved on Codemap. As observed, the relationship name is displayed in plain English text on the Beneficiary page and Beneficiary reports.
Thanks
Prasad
Prasad Pise (Inactive)
added a comment - Hi Pratap Patil,
The beneficiary relationship name issue is resolved on the PreProd environment. Now the relationship name is displayed in plain English text on the Beneficiary page and Beneficiary reports.
Thanks
-Prasad