Secure > Enhance site security


Optimize the MigrateEncryptedInfo utility

MigrateEncryptedInfo is a utility that is used for re-encrypting sensitive data stored in the database. It executes two tasks within this utility and each of the tasks is controlled by a separate configuration file.

The MigrateEncryptedInfo script is located in the following directory:

When you open up the MigrateEncryptedInfo script, you can see that there are two calls to MKChangeApp. Each of these calls represents a distinct task that the script performs.


Task one

The first task enforces that the sensitive data in the database is consistent with the PDIEncrypt flag specified in the instance configuration file. If this task detects that the data and the PDIEncrypt flag are out of sync, it will migrate the data to the current merchant key.

For example, if the data in the database is currently in plain text, but you want it to be encrypted, change the PDIEncrypt setting in the instance configuration file to "on" and then run this task. Once the PDIEncrypt flag is enabled, any subsequent data entered into the database will also be encrypted. Alternatively, if the data in the database is currently encrypted, but you want it to be in plain text, change the PDIEncrypt setting in the instance configuration file to "off" and then run this task and the existing data will be decrypted. Any subsequent data entered into the database will also be decrypted.

This task is controlled by the following configuration file:

This configuration file contains one action item, called SyncCreditCardsEncryption, which provides an implementation class name to process the data and the database tables that it runs this action against. In the configuration file, you can see that by default it checks the following tables to see whether encryption/decryption is required:


Task two

The second task performed by the MigrateEncryptedInfo utility re-encrypts sensitive data in the database with the new merchant key. This task is controlled by the following configuration file:

When you examine this configuration file, it contains four action items:

ReEncryptUserPasswords

The first action item, ReEncryptUserPasswords, migrates user passwords (stored in the USERREG table) to the new password scheme (one way hashed), and to the new merchant key. Due to security improvements, if you are migrating the database from a version of WebSphere Commerce earlier than version 5.4, running the ReEncryptUserPasswords action is mandatory to encrypt the user passwords to the new format. This action also performs the migration of user passwords to a new merchant key.

ReEncryptUserPasswordHistory

The next action item, ReEncryptUserPasswordHistory, migrates old user passwords (stored in the USERPWDHST table) to the new merchant key. If you have configured a password policy to store previous passwords, run this action.

ReEncryptCreditCards

The third item in the configuration, ReEncryptCreditCards, re-encrypts credit card data using a new merchant key. This action is required if the PDIEncrypt flag is "on" in the instance configuration file and credit card data needs to be re-encrypted with the new key. The data in the following tables are processed as part of this action:

ReEncryptGiftCenterUserPasswords

Migrates gift center user passwords (stored in the GRUSERAUTH table) to the new merchant key. If you are not using Gift Registry, you do not need to run this action item.


Minimize the running time of the MigrateEncryptedInfo utility by eliminating unnecessary actions

The MigrateEncryptedInfo utility reads database data first before checking whether re-encryption needs to be performed against the retrieved data for each action. If you know ahead of time certain tasks do not apply to the site configuration, you can customize the script such that these tasks will not be performed. This will save some time in reading and processing the data. This is especially valuable if you have a large data set.

The following sections describe situations where unnecessary actions can be removed from the utility script.

Certain of these situations are not necessarily recommended (for example, we recommend the use of password history), but are included for completeness.

There are no changes to the PDIEncrypt setting

The first task of enforcing the PDIEncrypt setting in the instance configuration file is unnecessary if you did not change this setting prior to running this script. That is, if the setting is always "on" or "off". You can eliminate this task by simply commenting out the execution of this task from the MigrateEncryptedInfo script.

The following sections of the MigrateEncryptedInfo script need to be commented out:

cp -f CCInfoDBUpdate.$DBTYPEEXT.txt $WCTEMPDIR/DBUpdate.txt 
cd $WCTEMPDIR 
${JAVA_EXE?} -Xmx512m -DnewKeyNeeded=true 
-DInstanceXMLFileAccess.debug=true -cp $CP 
com.ibm.commerce.dbupdatetool.MKChangeApp "action1_2" 
$WCINST $param3 
$param4 > $WCLOGDIR/CCInfoMigration.log 2> $WCLOGDIR/MigrateEncryptedInfoError.log
$WCINST > $WCLOGDIR/CCInfoMigration.log 2> $WCLOGDIR/MigrateEncryptedInfoError.log 
if [ "$?" = "1" ] 
then 
echo "Migration failed. Please check $WCLOGDIR/CCInfoMigration.log and $WCLOGDIR/MigrateEncryptedInfoError.log 
for details." 
rm -f DBUpdate.txt 
cd $WCS_HOME/bin 
exit 1 
fi 
# cleanup before another step 
rm -f DBUpdate.txt 
cd $WCS_HOME/bin

The following sections of the MigrateEncryptedInfo script need to be commented out:

copy CCInfoDBUpdate.%DBTYPE%.txt %WCTEMPDIR%\DBUpdate.txt 
cd %WCTEMPDIR% 
%JAVA_HOME%\bin\java -Xmx512m -DnewKeyNeeded=true -
DInstanceXMLFileAccess.debug=true -cp %CP% 
com.ibm.commerce.dbupdatetool.MKChangeApp "action1_2" %2 %3 %4 > %
WCLOGDIR%\CCInfoMigration.log 2> %WCLOGDIR%\
MigrateEncryptedInfoError.log
if errorlevel 1 goto exec_failed1 
del DBUpdate.txt 
cd ..\bin

LDAP is in use as the user repository

If the site uses LDAP as the user repository, the user's current and previous passwords are not kept in the USERREG and USERPWDHST tables. This means that the action items that re-encrypt the user's current and previous passwords become unnecessary.

In this situation, the following action items can be removed from the configuration file of the second task, DBUpdate.txt:

[ActionItem]
ID=ReEncryptUserPasswords
DisplayID=Change Merchant Key
UpdateClassName=com.ibm.commerce.dbupdatetool.OneWayHashEncoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=USERREG
TableColumns=USERS_ID,LOGONPASSWORD,SALT
UniqueColumns=USERS_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

[ActionItem]
ID=ReEncryptUserPasswordHistory
DisplayID=Change User Password History
UpdateClassName=com.ibm.commerce.dbupdatetool.DataReEncrypter
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=USERPWDHST
TableColumns=PREVLOGONPASSWORD
UniqueColumns=USERPWDHST_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

Previous passwords (password history) are not stored in the database

If you do not configure the password policy to store the user's previous passwords, then you can disable the ReEncryptUserPasswordHistory action that processes the data in the USERPWDHST table.

Remove the following action item from the DBUpdate.txt configuration file:

[ActionItem]
ID=ReEncryptUserPasswordHistory
DisplayID=Change User Password History
UpdateClassName=com.ibm.commerce.dbupdatetool.DataReEncrypter
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=USERPWDHST
TableColumns=PREVLOGONPASSWORD
UniqueColumns=USERPWDHST_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

The PDIEncrypt flag is set to "off"

If credit card data is not encrypted or not stored in the WebSphere Commerce database, the action item that re-encrypts this data can be removed from the DBUpdate.txt configuration file.

[ActionItem]
ID=ReEncryptCreditCards
DisplayID=Re encrypt the credit cards
UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=PATTRVALUE
TableColumns=STRINGVALUE,ENCRYPTFLAG
UniqueColumns=PATTRVALUE_ID
[DBTable]
TableName=ORDPAYINFO
TableColumns=VALUE
UniqueColumns=ORDPAYINFO_ID
[DBTable]
TableName=ORDPAYMTHD
TableColumns=PAYDEVICE
UniqueColumns=ORDERS_ID,PAYMETHOD,PAYDEVICE,REFUNDNUMBER
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=


Minimize the running time of the MigrateEncryptedInfo utility by using multiple servers

If you have a clustered environment, you can make use of multiple application servers to run the MigrateEncryptedInfo utility. The configuration files allow you to configure the script so that each application server is responsible for processing one table. Making use of multiple application servers can help in reducing the running time of this utility.

This strategy can only be used if you have (at least) one application server available per table that needs to be processed.

To run the MigrateEncryptedInfo utility on multiple application servers:

  1. Eliminate the tasks and action items that do not apply to your site's configuration.

  2. Identify the tables that the remaining tasks in the configuration files (CCInfoDBUpdate.DBTYPE.txt and DBUpdate.txt) will process.

  3. Divide up the tables among the application servers.

  4. Change the configuration files for each application server such that each script process one table.

Consider the following example, where you change the merchant key without modifying the PDIEncrypt "on" setting.

A site is deployed on a clustered environment with four application servers, using the WebSphere Commerce database as the user repository. Your password policy is configured such that the password history of the users are not retained.

For this example, because the PDIEncrypt flag did not change, you can eliminate the first task from the MigrateEncryptedInfo script. All scripts in the cluster need to be updated. Because the password history is not kept in the WebSphere Commerce database, you can disable the ReEncryptUserPasswordHistory action that processes the data in the USERPWDHSTtable. No other tasks or action items can be removed, because WebSphere Commerce database is used as the user repository and credit card data is encrypted in the database.

After eliminating the unnecessary task and action item the configuration file, DBUpdate.txt, appears in the following sample:

[ActionItem]
ID=ReEncryptUserPasswords
DisplayID=Change Merchant Key
UpdateClassName=com.ibm.commerce.dbupdatetool.OneWayHashEncoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=USERREG
TableColumns=USERS_ID,LOGONPASSWORD,SALT
UniqueColumns=USERS_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

[ActionItem]
ID=ReEncryptCreditCards
DisplayID=Re encrypt the credit cards
UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=PATTRVALUE
TableColumns=STRINGVALUE,ENCRYPTFLAG
UniqueColumns=PATTRVALUE_ID
[DBTable]
TableName=ORDPAYINFO
TableColumns=VALUE
UniqueColumns=ORDPAYINFO_ID
[DBTable]
TableName=ORDPAYMTHD
TableColumns=PAYDEVICE
UniqueColumns=ORDERS_ID,PAYMETHOD,PAYDEVICE,REFUNDNUMBER
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

As you can see from this configuration, four tables will be processed:

Now you can divide up the table such that each application server is responsible for re-encrypting data from one table. Assign the table with the most number of records to be processed by the most powerful application server.

The following example configuration files for each server are provided:

Application Server 1: USERREG

[ActionItem]
ID=ReEncryptUserPasswords
DisplayID=Change Merchant Key
UpdateClassName=com.ibm.commerce.dbupdatetool.OneWayHashEncoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=USERREG
TableColumns=USERS_ID,LOGONPASSWORD,SALT
UniqueColumns=USERS_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

Application Server 2: PATTRVALUE

[ActionItem]
ID=ReEncryptCreditCards
DisplayID=Re encrypt the credit cards
UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=PATTRVALUE
TableColumns=STRINGVALUE,ENCRYPTFLAG
UniqueColumns=PATTRVALUE_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

Application Server 3: ORDPAYINFO

[ActionItem]
ID=ReEncryptCreditCards
DisplayID=Re encrypt the credit cards
UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=ORDPAYINFO
TableColumns=VALUE
UniqueColumns=ORDPAYINFO_ID
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=

Application Server 4: ORDPAYMTHD

[ActionItem]
ID=ReEncryptCreditCards
DisplayID=Re encrypt the credit cards
UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder
[DBAccess]
DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver
HostName=
HostJDBCPort=
ConnectionPrefix=jdbc:db2
DatabaseName=
DatabaseUserName=
DatabaseUserPassword=
[DBTable]
TableName=ORDPAYMTHD
TableColumns=PAYDEVICE
UniqueColumns=ORDERS_ID,PAYMETHOD,PAYDEVICE,REFUNDNUMBER
[Parameter]
ID=OldEncryptionKey
DisplayID=OldEncryptionKey
Value=
[Parameter]
ID=NewEncryptionKey
DisplayID=NewEncryptionKey
Value=


+

Search Tips   |   Advanced Search