Commit f084c77

Remove redundancy of internal vs sensitive. Added mitigation guidance for client configuration exposure.
1 parent 2084399 commit f084c77

1 file changed

Lines changed: 1 addition & 1 deletion

articles/azure-app-configuration/howto-best-practices.md

@@ -290,7 +290,7 @@ When you use App Configuration in client applications, ensure that you consider
290290

291291
To address these concerns, we recommend that you use a proxy service between your client applications and your App Configuration store. The proxy service can securely authenticate with your App Configuration store without a security issue of leaking authentication information. You can build a proxy service by using one of the App Configuration provider libraries, so you can take advantage of built-in caching and refresh capabilities for optimizing the volume of requests sent to App Configuration. For more information about using App Configuration providers, see articles in Quickstarts and Tutorials. The proxy service serves the configuration from its cache to your client applications, and you avoid the two potential issues that are discussed in this section.
292292

293-
It is important to consider that, when surfacing configuration to client applications, configuration values will be visible to end users. Care should be taken to avoid unintended exposure of sensitive or internal data. For example, user and group names in feature flag targeting settings may be considered EUII (End User Identifiable Information).
293+
It is important to consider that, when surfacing configuration to client applications, configuration values will be visible to end users. Care should be taken to avoid unintended exposure of sensitive data. For example, user and group names in feature flag targeting settings may be considered EUII (End User Identifiable Information). To mitigate this risk, consider using a separate App Configuration store resource dedicated to client application configuration, or segment configuration using filtering mechanisms such as key prefixes, labels, or tags and filter in the proxy server accordingly.
294294

295295
## Multitenant applications in App Configuration
296296
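
Review bot: The new last sentence on line 293 presents a dedicated store and proxy-side filtering as equivalent mitigations, but the filtering option only holds if every setting is correctly prefixed, labelled or tagged, and the text does not say what happens to settings that are not. Suggest stating that the proxy should serve only settings explicitly selected for clients, so that anything unmarked is withheld by default. The example in the same paragraph is user and group names inside feature flag targeting settings; selecting by key prefix, label or tag decides which settings are served, so it would help to say whether a flag the client needs should have its targeting data removed before it is served. Two wording points: the sentence says "filter in the proxy server" while line 291 uses "proxy service", so pick one term, and "filtering mechanisms ... and filter in the proxy server accordingly" repeats itself and could be split into two sentences.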
