A proxy can become privy to information that is intended to be secret. Some of these secrets are private to the organization that owns the proxy, e.g., the passwords the proxy uses to access servers, while others are the secrets of the users whose traffic traverses the proxy. Becoming privy to user's secrets is particularly likely when the proxy is capable of intercepting and decrypting encrypted traffic, such as HTTPS traffic. The proxy should attempt to prevent the disclosure of these secrets.
Conventional commercial IT products often include a troubleshooting mechanism that makes a complete copy of the contents of the device's memory at the time a fault is detected (a so-called memory or “core” dump). The information in this dump is typically sent to the vendor of the device and used by the vendor's engineering team to analyze the state of the device at the time of the fault in an attempt to find the root cause.
The conventional dump mechanism is indiscriminate in that it dumps all the contents of the device's memory. If the device's memory contains secret or sensitive data, this data will be exposed to the vendor's engineering team if and when the dump is sent for analysis. This exposure is a problem for both the customer and the vendor. The customer has exposed secret data (either his own or his users) and so must consider them compromised. Users will have their privacy invaded. Furthermore, possession of this secret data may impose a duty on the vendor to keep that data secret. If the data is revealed by the vendor's action, embarrassment or possibly legal liability could result. In certain jurisdictions, evidence of criminal activity discovered in such a way may have to be reported to the authorities. Thus, the employee may be placed in the difficult position of violating confidentiality agreements or the law.