Skip to main content

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Pega Customer Service for Communications modified rules for BAC prevention

Suggest edit Updated on September 10, 2021

+

This content applies to On-Premises Services and Cloud environments.

In release 8.3, Pega Customer Service for Communications has modified the rules that invoke secured activities in Pega Platform. The query strings and parameters in the calls are registered so they cannot be tampered with by the end users.

If you have overridden any of these rules in your Pega Customer Service for Communications implementation layer, you need to update them to use the changed rules. Run the Pre-Upgrade Checker to identify which of these changed rules are overridden in your implementation layer. For information about the Pre-Upgrade Checker, see the Pega Customer Service for Communications Upgrade Guide on the Pega Customer Service for Communications product page.

For information about the enhancements to prevent Broken Access Control (BAC), and to see a list of rules and activities that were modified for all Pega Customer Service applications, see Pega Customer Service enhancements to prevent Broken Access Control.

The following list shows the modified rules for Pega Customer Service for Communications. If you have overridden any of these rules in your Pega Customer Service for Communications implementation layer, you need to update them with the changed rules.

RuleRule nameClass nameAvailable
Rule-HTML-SectionHIDDENSECTIONPEGACA-WORK-INTERACTIONYes
Rule-HTML-SectionWRAPUPINTERACTIONPEGACA-WORK-INTERACTIONYes

In addition to the changes in the preceding table, several Pega Customer Service for Communications activities that do not need to be started from a client in the form of an AJAX call or any other UI request have also been modified. The Allow direct invocation from the client or service check box is cleared for these activity rules. To see the list of modified activity rules, download the CSC-List-of-Activity-Rules-URL-Tampering.xlsx file.

Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us