ATG components are configured with plain text properties files. You should set access levels on your properties files so they can’t be altered or viewed by unauthorized users. Only site administrators site should have read and write permission. ATG must be invoked from an account with these permissions as well. The properties files that contain sensitive information typically reside in each server’s localconfig directory. The most important properties files to protect include:
Component | Description |
|---|---|
| Basic configuration for ATG |
| Default configuration for any service that uses SSL |
| Distributed transaction DataSource |
| JTA participating and pooling DataSource |
| Checks the POP server for bounced e-mail |
The most important ATG Commerce properties files to protect include:
Component | Description |
|---|---|
| A distributed transaction |
| A distributed transaction |
These ATG Commerce properties files are located in a .jar file at <ATG2007.3dir>/DCS/config/config.jar. For more information on ProductCatalogFakeXADataSourceA.properties and ProductCatalogFAkeXADataSourceB.properties, refer to the Transferring Product Catalog and Price List Data Using Copy and Switch section of the Configuring and Populating a Production Database chapter in the ATG Commerce Programming Guide.
In addition to using access levels to protect properties, the atg.service.jdbc.FakeXADataSource class supports decryption of Base64-encoded information. To use it, create an atg.service.jdbc.SimpleLoginDecoder component (which implements PropertyValueDecoder) called MySimpleLoginDecoder. Set the loginDecoder property of FakeXADataSource to MySimpleLoginDecoder. You can then set the values of the user and password properties in FakeXADataSource with Base64-encoded values, and rely on the decoder to pass the decoded login to the database when connections are created. See the ATG Programming Guide for more information.
