Arcjet Sensitive Information
Arcjet Sensitive Information Detection protects against clients sending you sensitive information such as PII that you do not wish to handle.
What is Arcjet?
Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.What does Arcjet Sensitive Info do?
Arcjet’s “block sensitive information” rule prevents detected sensitive information from reaching your application. The rule runs entirely locally so no data ever leaves your environment.
What kinds of sensitive information can Arcjet detect?
Arcjet can detect multiple types of sensitive and personally identifiable information (PII).
The built in types are:
- Email addresses
- Credit/debit card numbers
- IP addresses
- Phone numbers
In addition to these you can also use the custom detect function to implement detection for other types.
How is sensitive information detected?
Arcjet takes the body of your request and analyzes it for the configured sensitive information types. This is performed using a WebAssembly module loaded by the SDK so that the analysis happens in a secure sandbox entirely within your environment.
The analysis determines whether or not the request is a string, if it is then we convert the string to tokens by splitting it on whitespace and trimming punctuation marks such as commas, apostrophes and quotes.
Once we have converted it to tokens we provide them to the any configured custom detect function, if provided. If it detects any sensitive information types then those are returned, if not then we run Arcjet’s built-in parsers to detect any other types.
If the rules match any of the detected sensitive information types then the SDK will return a block or allow decision based on the rule’s configuration.
Is any data sent to the cloud?
No, all sensitive information detection is performed locally within your own environment. Arcjet reports the result to your dashboard, but does not send any data to the cloud.