Securing the SiteConfigReadOnly Object
Web sites use the SiteConfigReadOnly object to get connection strings for the runtime resources from the Administration database. The SiteConfigReadOnly object must be accessible by all user accounts that will access Commerce Server applications: it is required for anonymous users to have read access to the Administration database so they can access the Commerce Server databases during run time.
If you use Windows Integrated Security, the data returned to the SiteConfigReadOnly object is secure because no user names or passwords are stored.
- If you are using SQL authentication (not the recommended configuration), or if your Web server is not secured, and an attacker is able to upload and execute a script, that attacker can retrieve the connection string information for all of your databases and penetrate your firewalls.
To allow anonymous access, the SiteConfigReadOnly object must be available to the anonymous account, named IUSR_<*computername>. If you are using an ASP.NET site, the anonymous account is ASPNET. The key for the *SiteConfigReadOnly object is D1AA04A4-B00D-4D30-88AA-E3070DAE8040.
In addition, it is recommended that you secure the SiteConfigReadOnly object further by locking it down with a COM+ application.
To secure the SiteConfigReadOnly object with a COM+ application
Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
Expand Component Services, expand My Computer, and then expand COM+ Applications.
Expand Commerce Server Config, right-click Components, click New, and then click Components.
The COM Components Install Wizard is started.
Click Importing components that are already registered.
In the Choose Components to Import dialog box, select CS_MSCSCfg.SiteConfigReadOnly, and then click Next.
Expand Components, right-click CS_MSCSCfg.SiteConfigReadOnly, and then click Properties.
On the Security tab, select Administrators and Web Users, and then click OK.