Support for SQL bind variables
Due to high network and storage demands, support for bind variables is only available for DESK Managed deployments, not SaaS deployments.
Bind variables are a means of parameterizing SQL statements so that the statements have question marks or parameters in their where clauses, such as:
- SQL server:
select count (*) from report where tenant = @tenant - Java JDBC:
select count (*) from report where tenant = ?
Bind variables allow the database server to prepare the statement once and execute it multiple times without reparsing or reanalyzing it.
Note: Bind variables aren't applicable to statements that use literals, such as:
select count (*) from report where tenant = ‘xxxx’.
These statements can't be parameterized and are reparsed and reanalyzed by the database server with each execution.
Note: This feature can capture a lot of sensitive data, which is why it's available only within DESK Managed environments. Because it can generate high network traffic and storage demands, it's recommended to use it with caution and only for specific process groups.
To enable SQL bind value capture
-
From the DESK Managed Cluster Management Console navigation menu, click Settings > Server-side service monitoring > Deep monitoring.
-
Under Database, enable the Capture SQL bind values setting.
Whether you enable this setting site-wide or for individual process groups, you can use DESK OneAgent to capture the values of bind parameters. This is applicable to the following technologies:
- ADO.net
- JDBC
- PHP database frameworks
A sample result of this feature is PurePaths. The following web page illustrates the masking of bind variables.
Bind variables are considered confidential as they can contain IDs and other sensitive values. Learn how to ensure the data privacy of your customers.
Only users who have permission to view a specific entity or management zone can view the bind variables within that entity or zone.
