File system and configuration files
- Financial transmissions that are either being processed or being generated are stored as files on the file system.
- Business Rules Server uses rule sets that apply to the data content that is being processed. These rule sets are distributed as files on the file system.
- Error and trace log files might contain personal information.
- Configure the file system to limit access to the user ID that a Payment Feature Services component uses to process the data. For example, consider limiting the access to incoming files on the file system to a Gateway Server user ID only. Some of the components that process financial data are Distribution, Gateway Server, and some Services Framework tasks.
- The intermediate files that are created while financial transmissions are processed are not encrypted. Use file system encryption if you want to protect these files.
During installation, the default file permissions for the Payment Feature Services components are set to the values that they need to run. You can use file permissions to further restrict access to the information on the file system.
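One way to check the restriction described above, as an added example that is not part of the product or its documentation: a POSIX shell function that reports every entry under a directory that is not owned by the component's user ID or that grants any permission to group or other. The directory path and user ID are supplied by the caller; the names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory that a Payment Feature Services component
# uses (incoming files, rule sets, logs). The directory and the user ID are
# assumptions passed in by the caller, not values taken from the product.

# audit_tree DIR OWNER
#   Prints one line per finding:
#     OWNER <path>   entry is not owned by the expected user ID
#     MODE <path>    entry grants some permission to group or other
#   Returns 0 if clean, 1 if there are findings, 2 if DIR is not a directory.
audit_tree() {
    dir=$1
    owner=$2

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # Symbolic links are skipped: their own mode bits are not meaningful.
    # The -perm tests are spelled out per bit so that the check does not
    # depend on the GNU-only "-perm /077" form.
    findings=$(
        find "$dir" ! -type l ! -user "$owner" \
            -exec printf 'OWNER %s\n' {} \;
        find "$dir" ! -type l \( \
                -perm -040 -o -perm -020 -o -perm -010 -o \
                -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'MODE %s\n' {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (hypothetical path and account name):
#   audit_tree /var/pfs/gateway/incoming gwserver || echo "tighten permissions"
```

The same check can be pointed at the directory that a Java SE component is started from and at the trace and error log directories.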
Java SE component configuration files
The Java™ SE components, such as Business Rules, Gateway Server, and Transaction Server, store some of their configuration information in properties files. The full properties file can be encrypted, or you can partially encode the properties by separating the sensitive information into a secondary file that is encrypted. For more information about how to encrypt properties files, see Encrypting configuration files in Payment Feature Services.
The command line that was used to start a Java SE component can be used to view the configuration from its properties file without having to access the properties file itself. You can use the command line to run the list cfg command. This command displays the configuration from a properties file, but not the properties that are in an encrypted properties file. Ensure that only users who are authorized to run the command can access the file system location that the Java SE component was started from.
Authorized users can use the same command line to shut down a component, enable tracing, and run other commands for the component.