Basics about security, certificate and logs
Some technical details are good to know. They are extracted from the in-depth information in Configuration Instructions ACE Chat and Site Environment Requirements ACE Chat.
One minor detail is that, to be able to chat via ACE, the customer’s web browser must allow JavaScript.
Another concerns the time stamps in the chat history. To ensure that the times for chat entries are correct, they all use the same clock, the one in ACE Server. This means that no attention is paid to the clock in the customer’s or the agent’s computer.
Security and control mechanisms
ACE Chat Engine is validated by Telia Company for security.
Some control mechanisms that are not configurable are included in ACE Chat:
- In case the same chat session posts entries too often, the session will be disconnected.
- If requests for chat come too frequently, the request will be denied.
- If a contact data key name, or its value, in a chat request exceeds 512 characters, the key name or the value will be shortened.
- A maximum of 10 contact data keys can be specified in a chat request.
- Invisible control characters are automatically filtered out of chat entries.
- Each chat session in progress uses a temporary, unique identifier which is attached to all messages from ACE Chat Engine. One purpose of this is to guarantee that a third party cannot forge chat entries in a chat in progress.
- Furthermore, there is an option to adapt the validity check of incoming chats in ACE Chat Engine. Such a check is configured by Telia Company after agreement with the customer service.
Control mechanisms that you can configure yourselves are the following:
- The number of chat sessions in progress per ACE Chat Engine. By limiting this parameter you minimize the risk of successful overload attacks. The limit value is configured in ACE Admin, the Chat Engines window.
- Chat entries that are too long are shortened. The limit value is configured in ACE Admin, System parameters for chat.
SSL technique and certificates
The protocol used between ACE Chat Client and ACE Chat Engine is HTTPS. The communication is encrypted with SSL, a standard technique for secure web applications. SSL protects against eavesdropping on and/or manipulation of the messages sent in the chat. SSL can also be used to ensure that you are indeed communicating with the correct server, i.e. server authenticity. To be able to confirm the server authenticity, the server requires a certificate from a trusted certificate issuer. For a locally placed solution, the customer service must procure such a certificate. In the service placed solution, Telia Company provides this certificate.
Logging of IP address
The IP address from which a chatter sends a request to Chat Engine is sent along to ACE Server in a contact data key with the database name sourceIp. The contact data key is stored in Interaction View, but can also be configured to be seen in real time in ACE Agent. When proxies are used there can be several IP addresses, but they are then all included as values in the contact data key, in a comma-separated list, sorted with the most likely IP address first.
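The sourceIp value described above can be parsed and reviewed as follows. This is an added example, not code from ACE or Telia Company: the record layout (session id, sourceIp value), the function names and the sample data are constructed for illustration, and it assumes the 512-character contact data limit also applies to this key.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

MAX_VALUE_LEN = 512  # contact data value limit stated on this page


@dataclass
class SourceIp:
    addresses: list = field(default_factory=list)  # valid entries, original order
    rejected: list = field(default_factory=list)   # tokens that are not IP addresses
    possibly_truncated: bool = False               # value reached the length limit

    @property
    def most_likely(self):
        # The list is sorted with the most likely address first.
        return self.addresses[0] if self.addresses else None

    @property
    def via_proxy(self):
        # More than one address means at least one proxy was involved.
        return len(self.addresses) > 1


def parse_source_ip(value: str) -> SourceIp:
    """Split a sourceIp value and keep only entries that parse as IPv4/IPv6."""
    result = SourceIp(possibly_truncated=len(value) >= MAX_VALUE_LEN)
    for token in (t.strip() for t in value.split(",")):
        if not token:
            continue
        try:
            result.addresses.append(ipaddress.ip_address(token))
        except ValueError:
            result.rejected.append(token)  # keep for review, never trust as an IP
    return result


def top_sources(records):
    """Count chat requests per most likely source address, busiest first."""
    counts = Counter()
    for _session_id, value in records:
        parsed = parse_source_ip(value)
        if parsed.most_likely is not None:
            counts[str(parsed.most_likely)] += 1
    return counts.most_common()


# Constructed sample records: (session id, sourceIp value)
SAMPLE = [("s1", "203.0.113.7"), ("s2", "203.0.113.7, 10.0.0.5"),
          ("s3", "198.51.100.23"), ("s4", "not-an-ip")]
```

When possibly_truncated is set, treat the last address in the list with caution, since a shortened value can cut an entry in the middle.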