Introducing sensitive text comparators

March 2, 2020 · 2 min read

Gergely Sinka

"Not all code paths return a value." - VS

Focusing on frontend applications, we introduced sensitive text comparators to make sure sensitive info (like email address, user name) is kept hidden in targeting rules.

Sensitive

In this case the feature flag evaluation is based on the secure hashes of the comparison values.

Comparison values in config_v3.json:

"c": "configcat@example.com, sensitive@example.com",

config_v4.json:

"c": "75ca15b98f2422cfbae01c76eaf0cacb8fe1d44e,ff672c127d393f7e9589ffa2efd1bb4a702ff237",

Since sensitive text comparators don't support CONTAINS or DOES NOT CONTAIN comparisons, here is an example how to target users from the same company. Which used to be handled by a rule like:

Sensitive

You can add a custom attribute called domain and use only sensitive comparators in the targeting rule.

On the Dashboard: Sensitive

In your code:

const userDomain = userEmail.split('@').pop();
const userObject = {
    identifier: '<SOME USER ID>',
    email: userEmail,
    custom: { domain: userDomain }
}
const value = configCatClient.getValue(key, defaultValue, callback, userObject);

Sensitive comparators are supported from the following SDK versions:

SDK	Version
JS	v3.0.0
Node	v4.0.0
PHP	v3.0.2
Python	v3.0.2
Ruby	v2.0.3
Go	v4.0.2
Java	v4.0.1
Android	v4.0.0
.NET	v4.0.0
Swift	v4.0.0

Recent posts