Securing Your Pipeline Logging Folder

Commerce Server 2002

If you use pipeline logging to debug a pipeline, be aware that sensitive information may appear in clear text in the log files. It is recommended that you secure the folder that contains the pipeline logging files. By default, the pipeline logging files are stored in the <drive>:Inetpub\wwwroot\<application name>\pipeline\logfiles folder, where <drive> is the drive partition where Windows is installed and <application name> is the name of your application. For example, the default location of the pipeline log file folder for the default Web site, where Windows is installed on drive D: and the application name is "retail," would be as follows:


To secure the Pipeline Logging folder

  1. Using Windows Explorer, navigate to the \pipeline\logfiles folder on your IIS server for your application.
  2. Right-click the logfiles folder, and then click Properties.
  3. In the LogFiles Properties dialog box, click the Security tab.
  4. On the Security tab, clear the Allow inheritable permissions from parent to propagate to this object checkbox.
  5. In the Security dialog box, click Copy.
  6. In the Name box, click Everyone, and then click Remove.

    Ee823798.note(en-US,CS.20).gif Note

    • The remaining users in the Name box should be Administrators (<Server name>\Administrators) and SYSTEM, both of which are granted Full Control permissions to this folder. This is the recommended security setting for this folder.
  7. In the LogFiles Properties dialog box, click OK.

For more information about setting NTFS security on files and folders, search for the keyword "NTFS" in Windows 2000 Help.

Copyright © 2005 Microsoft Corporation.
All rights reserved.