Make sure the file system permissions for all Oracle ATG Web Commerce application files have the most restrictive settings possible. No not allow users other than the user account for the application itself and the system administrator to read, write, or execute application files.

For example, if you are using a UNIX or Linux operating system, configure a dedicated user account for your Oracle ATG Web Commerce applications. Set the file permissions for the files created by that user account so that other users cannot read, write, or execute them. To do this, set the umask configuration for the user account to 077.