Limit Control+J Information

The browser shortcut key combination Control+J or Ctrl+J (which you sometimes need to press twice in browsers) provides some really useful information. However, in a production environment there is some sensitive information you might want to remove from the display such as:

  • Database Name
  • Database Type
  • Application Server

Optionally, you might also want to remove:

  • Tools Release
  • Application Release
  • Service Pack

You can bet that if you have organised any penetration testing this will be one of the first things to get picked up.

The web profile settings allow you to turn Control+J on or off under:

PeopleTools > Web Profile > Web Profile Configuration > [Open the relevant web profile, e.g. PROD]
On the debugging tab, enable the Show Connection & Sys Info checkbox to enable Control + J.

On changing this the web profile will need to be reloaded using servlet directives or a web server restart.

However, turning off Control+J is an all or nothing setting and turning it off also takes away some of the valuable information it provides. A compromise is to limit the Control+J options through a simple customisation.

In application designer, open the HTML definition, PT_INFOPAGECONNECT. This is the HTML displayed on the Control+J page. The labels for each element are stored in the message catalog. Here's how they map:

Message Set Message Number Message Text
146 50 Browser
146 51 Operating System
146 52 Tools Release
146 53 Application Release
146 54 Service Pack
146 55 Page
146 56 Component
146 57 Menu
146 58 User ID
146 59 Database Name
146 60 Database Type
146 61 Application Server
209 831 Component Buffer Size (KB)

To hide the information that is sensitive, simply use HTML comments <!— —> to comment out the parts you don't want to show, e.g. for the Database Name, Database Type and Application Server (59,60,61) you could change the code in the HTML to this:

  <!-- <Reference> <Author> <DD/MM/YYYY>: Hide sensitive information from Control+J -->
    <td class='PSEDITBOXLABEL'>%Message(146,59)</td>
    <td class='PSTEXT'>%DBName</td>
    <td class='PSEDITBOXLABEL'>%Message(146,60)</td>
    <td class='PSTEXT'>%DBType</td>
    <td class='PSEDITBOXLABEL'>%Message(146,61)</td>
    <td class='PSTEXT'>%AppServer</td>

This is how Control+J now looks with above information commented out:


You would do a similar thing for Tools Release, Application Release and Service Pack (52,53,54) if you did not want to show that information either.

No Comments
Back to top