Hi,
for some of our components we're using the target functionality to personalize the content. For the used segments we use a custom context store. This context store reads personal data of a encrypted token of a cookie.
The problem is, that actually all types of context stores read the data and put them human readable in the javascript context of the client. The segments are resolved on client side too. So in this case we have a problem with data protection.
Our solution was to write only the keys of the token into the JSON string for the context store. To resolve the segments (in our case we use the 'generic store property') we overwrote the libs/cq/personalization/components/traits/generic/traits.js.jsp.
The traits.js.jsp checks now if our custom store is selected, resolves the logic of the segment against the token content, and delivers true or false (depends on the result of the validation). In the case that another (build in) store is selected, the implementation is the same like in the original traints.js.jsp.
My question:
In Germany we have very strict data protection standards. So we have to consider them. Is there another - better - way to solve this problem? Maybe without overriding some kernel functionality (because with every AEM upgrade we have to check, if it still works) or are there attempts to support server side resolution of segments in future version of AEM?
Regards, Andrea
