ATG components are configured with plain text properties files. You should set access levels on your properties files so they can’t be altered or viewed by unauthorized users. Only site administrators should have read and write permission. ATG must be invoked from an account with these permissions as well. The properties files that contain sensitive information typically reside in each server’s localconfig directory. The most important properties files to protect include:
Component | Description |
---|---|
| Basic configuration for ATG |
| Default configuration for any service that uses SSL |
| Distributed transaction DataSource |
| JTA participating and pooling DataSource |
| Checks the POP server for bounced e-mail |
The most important ATG Commerce properties files to protect include:
Component | Description |
---|---|
| A distributed transaction |
| A distributed transaction |
These ATG Commerce properties files are located in a .jar file at <ATG2007.3dir>/DCS/config/config.jar. For more information on ProductCatalogFakeXADataSourceA.properties and ProductCatalogFakeXADataSourceB.properties, refer to the Transferring Product Catalog and Price List Data Using Copy and Switch section of the Configuring and Populating a Production Database chapter in the ATG Commerce Programming Guide.
In addition to using access levels to protect properties, the atg.service.jdbc.FakeXADataSource class supports decoding of Base64-encoded information. Base64 is a reversible encoding, not encryption: it keeps a login from being read at a glance, but anyone who can read the file can decode it, so access levels on the file are still required. To use it, create an atg.service.jdbc.SimpleLoginDecoder component (which implements PropertyValueDecoder) called MySimpleLoginDecoder. Set the loginDecoder property of FakeXADataSource to MySimpleLoginDecoder. You can then set the values of the user and password properties in FakeXADataSource with Base64-encoded values, and rely on the decoder to pass the decoded login to the database when connections are created. See the ATG Programming Guide for more information.
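The following audit sketch is an added example, not part of the ATG documentation or product. It walks a configuration directory and reports properties files whose mode grants group or other access, noting whether the user and password properties are stored as plain text or as Base64 behind a loginDecoder. It assumes POSIX file modes and simple key=value lines; the sample tree, the file name Locked.properties and the credential values are constructed.

```python
import base64, os, stat, tempfile

CREDENTIAL_KEYS = ("user", "password")  # property names from the page

def parse_properties(text):
    """Minimal key=value reader (assumption: no continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def credential_storage(props):
    """Map each credential key present to how its value is stored in the file."""
    stored = {}
    for key in CREDENTIAL_KEYS:
        if key in props and "loginDecoder" in props:
            base64.b64decode(props[key], validate=True)  # raises if not Base64
            stored[key] = "base64"  # reversible without any key or secret
        elif key in props:
            stored[key] = "plain"
    return stored

def audit(root):
    """Return (relative path, octal mode, credential storage) for every properties
    file whose group/other bits let accounts besides the owner read or alter it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(".properties")):
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            with open(path, encoding="utf-8") as fh:
                stored = credential_storage(parse_properties(fh.read()))
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((os.path.relpath(path, root), oct(mode), stored))
    return findings

def demo():
    """Constructed sample tree: one loose file with a Base64 login, one locked down."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    body = f"loginDecoder=MySimpleLoginDecoder\nuser={enc('dbuser')}\npassword={enc('example-pw')}\n"
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("FakeXADataSource.properties", 0o644), ("Locked.properties", 0o600)):
            path = os.path.join(root, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__": print(demo())
```

Only the 0644 file is reported. The 0600 copy holds the same Base64 login but passes, because the file mode is what keeps other accounts from reading it.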