ATG components are configured with plain text properties files. You should set access levels on your properties files so they cannot be altered or viewed by unauthorized users. Only site administrators should have read and write permissions. ATG must be invoked from an account with these permissions as well. The properties files that contain sensitive information typically reside in each server’s localconfig directory, but as a general practice, all ATG components should be secured.
For more information, see the Setting Access Levels for Properties Files section of the Installation and Configuration Guide.
