Setting Access Levels for Properties Files

ATG components are configured with plain text properties files. You should set access levels on your properties files so they cannot be altered or viewed by unauthorized users. Only site administrators should have read and write permission. ATG must be invoked from an account with these permissions as well. The properties files that contain sensitive information typically reside in each server’s localconfig directory. The most important properties files to protect include:

Component

Description

/atg/dynamo/Configuration.properties

Basic configuration for ATG

/atg/dynamo/security/BasicSSLConfiguration.properties

Default configuration for any service that uses SSL

/atg/dynamo/service/jdbc/FakeXADataSource.properties

Distributed transaction data source

/atg/dynamo/service/jdbc/JTDataSource.properties

Note: Multiple versions of this component may exist in your installation; all of them may contain information that should be protected.

JTA participating and pooling data source

/atg/dynamo/service/POP3Service.properties

Checks the POP server for bounced e-mail

The most important ATG Commerce properties files to protect include:

Component

Description

atg/commerce/jdbc/ProductCatalogFakeXADataSourceA.properties

A distributed transaction DataSource

atg/commerce/jdbc/ProductCatalogFakeXADataSourceB.properties

A distributed transaction DataSource

These ATG Commerce properties files are located in a .jar file at <ATG11dir>/DCS/config/config.jar. For more information on ProductCatalogFakeXADataSourceA.properties and ProductCatalogFAkeXADataSourceB.properties, refer to the Commerce Programming Guide.

Copyright © 1997, 2014 Oracle and/or its affiliates. All rights reserved. Legal Notices