What is the ProfileData that is send when the KeepAlive function is called?
Our PEN-tester has requested information about the KeepAlive function that is called within our Mendix App. In particular, he wants to know what the 'profiledata' involves and to what extend this information can be considered sensitive. Thanks in advance.
See this thread for an answer. I wouldn't classify it as sensitive, as it measures the duration of requests.
Rom van Arendonk
The linked thread is no longer active. Had to dig into this myself recently so posting my knowledge for others:
Profiledata is used to profile how long a request takes and can be used to roll your own profiler.
ProfileData is always part of the request (it cannot be disabled).
If a custom profiler is registered the ProfileData data is used to determine how long requests take and profile them.
If a custom profiler is not registered, the information is not used.
The purpose of ProfileData is to allow custom profilers.