Secure > Enhance site security
Optimize the MigrateEncryptedInfo utility
MigrateEncryptedInfo is a utility that is used for re-encrypting sensitive data stored in the database. It executes two tasks within this utility and each of the tasks is controlled by a separate configuration file.
The MigrateEncryptedInfo script is located in the following directory:
- WC_INSTALL/bin/MigrateEncryptedInfo.sh
- WC_INSTALL/bin/MigrateEncryptedInfo.bat
When you open up the MigrateEncryptedInfo script, you can see that there are two calls to MKChangeApp. Each of these calls represents a distinct task that the script performs.
Task one
The first task enforces that the sensitive data in the database is consistent with the PDIEncrypt flag specified in the instance configuration file. If this task detects that the data and the PDIEncrypt flag are out of sync, it will migrate the data to the current merchant key.
For example, if the data in the database is currently in plain text, but you want it to be encrypted, change the PDIEncrypt setting in the instance configuration file to "on" and then run this task. Once the PDIEncrypt flag is enabled, any subsequent data entered into the database will also be encrypted. Alternatively, if the data in the database is currently encrypted, but you want it to be in plain text, change the PDIEncrypt setting in the instance configuration file to "off" and then run this task and the existing data will be decrypted. Any subsequent data entered into the database will also be decrypted.
This task is controlled by the following configuration file:
- WC_INSTALL/bin/CCInfoDBUpdate.DBTYPE.txt
- WC_INSTALL\bin\CCInfoDBUpdate.DBTYPE.txt
This configuration file contains one action item, called SyncCreditCardsEncryption, which provides an implementation class name to process the data and the database tables that it runs this action against. In the configuration file, you can see that by default it checks the following tables to see whether encryption/decryption is required:
Task two
The second task performed by the MigrateEncryptedInfo utility re-encrypts sensitive data in the database with the new merchant key. This task is controlled by the following configuration file:
- WC_INSTALL/schema/DBTYPE/migration/DBUpdate.txt
- WC_INSTALL\schema\DBTYPE\migration\DBUpdate.txt
When you examine this configuration file, it contains four action items:
- ReEncryptUserPasswords
- The first action item, ReEncryptUserPasswords, migrates user passwords (stored in the USERREG table) to the new password scheme (one way hashed), and to the new merchant key. Due to security improvements, if you are migrating the database from a version of WebSphere Commerce earlier than version 5.4, running the ReEncryptUserPasswords action is mandatory to encrypt the user passwords to the new format. This action also performs the migration of user passwords to a new merchant key.
- ReEncryptUserPasswordHistory
- The next action item, ReEncryptUserPasswordHistory, migrates old user passwords (stored in the USERPWDHST table) to the new merchant key. If you have configured a password policy to store previous passwords, run this action.
- ReEncryptCreditCards
- The third item in the configuration, ReEncryptCreditCards, re-encrypts credit card data using a new merchant key. This action is required if the PDIEncrypt flag is "on" in the instance configuration file and credit card data needs to be re-encrypted with the new key. The data in the following tables are processed as part of this action:
- ReEncryptGiftCenterUserPasswords
- Migrates gift center user passwords (stored in the GRUSERAUTH table) to the new merchant key. If you are not using Gift Registry, you do not need to run this action item.
Minimize the running time of the MigrateEncryptedInfo utility by eliminating unnecessary actions
The MigrateEncryptedInfo utility reads database data first before checking whether re-encryption needs to be performed against the retrieved data for each action. If you know ahead of time certain tasks do not apply to the site configuration, you can customize the script such that these tasks will not be performed. This will save some time in reading and processing the data. This is especially valuable if you have a large data set.
The following sections describe situations where unnecessary actions can be removed from the utility script.
Certain of these situations are not necessarily recommended (for example, we recommend the use of password history), but are included for completeness.
- There are no changes to the PDIEncrypt setting
The first task of enforcing the PDIEncrypt setting in the instance configuration file is unnecessary if you did not change this setting prior to running this script. That is, if the setting is always "on" or "off". You can eliminate this task by simply commenting out the execution of this task from the MigrateEncryptedInfo script.
The following sections of the MigrateEncryptedInfo script need to be commented out:
cp -f CCInfoDBUpdate.$DBTYPEEXT.txt $WCTEMPDIR/DBUpdate.txt cd $WCTEMPDIR ${JAVA_EXE?} -Xmx512m -DnewKeyNeeded=true -DInstanceXMLFileAccess.debug=true -cp $CP com.ibm.commerce.dbupdatetool.MKChangeApp "action1_2" $WCINST $param3 $param4 > $WCLOGDIR/CCInfoMigration.log 2> $WCLOGDIR/MigrateEncryptedInfoError.log $WCINST > $WCLOGDIR/CCInfoMigration.log 2> $WCLOGDIR/MigrateEncryptedInfoError.log if [ "$?" = "1" ] then echo "Migration failed. Please check $WCLOGDIR/CCInfoMigration.log and $WCLOGDIR/MigrateEncryptedInfoError.log for details." rm -f DBUpdate.txt cd $WCS_HOME/bin exit 1 fi # cleanup before another step rm -f DBUpdate.txt cd $WCS_HOME/bin
The following sections of the MigrateEncryptedInfo script need to be commented out:
copy CCInfoDBUpdate.%DBTYPE%.txt %WCTEMPDIR%\DBUpdate.txt cd %WCTEMPDIR% %JAVA_HOME%\bin\java -Xmx512m -DnewKeyNeeded=true - DInstanceXMLFileAccess.debug=true -cp %CP% com.ibm.commerce.dbupdatetool.MKChangeApp "action1_2" %2 %3 %4 > % WCLOGDIR%\CCInfoMigration.log 2> %WCLOGDIR%\ MigrateEncryptedInfoError.log if errorlevel 1 goto exec_failed1 del DBUpdate.txt cd ..\bin
- LDAP is in use as the user repository
If the site uses LDAP as the user repository, the user's current and previous passwords are not kept in the USERREG and USERPWDHST tables. This means that the action items that re-encrypt the user's current and previous passwords become unnecessary.
In this situation, the following action items can be removed from the configuration file of the second task, DBUpdate.txt:
[ActionItem] ID=ReEncryptUserPasswords DisplayID=Change Merchant Key UpdateClassName=com.ibm.commerce.dbupdatetool.OneWayHashEncoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=USERREG TableColumns=USERS_ID,LOGONPASSWORD,SALT UniqueColumns=USERS_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value= [ActionItem] ID=ReEncryptUserPasswordHistory DisplayID=Change User Password History UpdateClassName=com.ibm.commerce.dbupdatetool.DataReEncrypter [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=USERPWDHST TableColumns=PREVLOGONPASSWORD UniqueColumns=USERPWDHST_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
- Previous passwords (password history) are not stored in the database
- If you do not configure the password policy to store the user's previous passwords, then you can disable the ReEncryptUserPasswordHistory action that processes the data in the USERPWDHST table.
Remove the following action item from the DBUpdate.txt configuration file:
[ActionItem] ID=ReEncryptUserPasswordHistory DisplayID=Change User Password History UpdateClassName=com.ibm.commerce.dbupdatetool.DataReEncrypter [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=USERPWDHST TableColumns=PREVLOGONPASSWORD UniqueColumns=USERPWDHST_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
- The PDIEncrypt flag is set to "off"
If credit card data is not encrypted or not stored in the WebSphere Commerce database, the action item that re-encrypts this data can be removed from the DBUpdate.txt configuration file.
[ActionItem] ID=ReEncryptCreditCards DisplayID=Re encrypt the credit cards UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=PATTRVALUE TableColumns=STRINGVALUE,ENCRYPTFLAG UniqueColumns=PATTRVALUE_ID [DBTable] TableName=ORDPAYINFO TableColumns=VALUE UniqueColumns=ORDPAYINFO_ID [DBTable] TableName=ORDPAYMTHD TableColumns=PAYDEVICE UniqueColumns=ORDERS_ID,PAYMETHOD,PAYDEVICE,REFUNDNUMBER [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
Minimize the running time of the MigrateEncryptedInfo utility by using multiple servers
If you have a clustered environment, you can make use of multiple application servers to run the MigrateEncryptedInfo utility. The configuration files allow you to configure the script so that each application server is responsible for processing one table. Making use of multiple application servers can help in reducing the running time of this utility.
This strategy can only be used if you have (at least) one application server available per table that needs to be processed.
To run the MigrateEncryptedInfo utility on multiple application servers:
- Eliminate the tasks and action items that do not apply to your site's configuration.
- Identify the tables that the remaining tasks in the configuration files (CCInfoDBUpdate.DBTYPE.txt and DBUpdate.txt) will process.
- Divide up the tables among the application servers.
- Change the configuration files for each application server such that each script process one table.
Consider the following example, where you change the merchant key without modifying the PDIEncrypt "on" setting.
A site is deployed on a clustered environment with four application servers, using the WebSphere Commerce database as the user repository. Your password policy is configured such that the password history of the users are not retained.
For this example, because the PDIEncrypt flag did not change, you can eliminate the first task from the MigrateEncryptedInfo script. All scripts in the cluster need to be updated. Because the password history is not kept in the WebSphere Commerce database, you can disable the ReEncryptUserPasswordHistory action that processes the data in the USERPWDHSTtable. No other tasks or action items can be removed, because WebSphere Commerce database is used as the user repository and credit card data is encrypted in the database.
After eliminating the unnecessary task and action item the configuration file, DBUpdate.txt, appears in the following sample:
[ActionItem] ID=ReEncryptUserPasswords DisplayID=Change Merchant Key UpdateClassName=com.ibm.commerce.dbupdatetool.OneWayHashEncoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=USERREG TableColumns=USERS_ID,LOGONPASSWORD,SALT UniqueColumns=USERS_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value= [ActionItem] ID=ReEncryptCreditCards DisplayID=Re encrypt the credit cards UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=PATTRVALUE TableColumns=STRINGVALUE,ENCRYPTFLAG UniqueColumns=PATTRVALUE_ID [DBTable] TableName=ORDPAYINFO TableColumns=VALUE UniqueColumns=ORDPAYINFO_ID [DBTable] TableName=ORDPAYMTHD TableColumns=PAYDEVICE UniqueColumns=ORDERS_ID,PAYMETHOD,PAYDEVICE,REFUNDNUMBER [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
As you can see from this configuration, four tables will be processed:
Now you can divide up the table such that each application server is responsible for re-encrypting data from one table. Assign the table with the most number of records to be processed by the most powerful application server.
The following example configuration files for each server are provided:
- Application Server 1: USERREG
[ActionItem] ID=ReEncryptUserPasswords DisplayID=Change Merchant Key UpdateClassName=com.ibm.commerce.dbupdatetool.OneWayHashEncoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=USERREG TableColumns=USERS_ID,LOGONPASSWORD,SALT UniqueColumns=USERS_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
- Application Server 2: PATTRVALUE
[ActionItem] ID=ReEncryptCreditCards DisplayID=Re encrypt the credit cards UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=PATTRVALUE TableColumns=STRINGVALUE,ENCRYPTFLAG UniqueColumns=PATTRVALUE_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
- Application Server 3: ORDPAYINFO
[ActionItem] ID=ReEncryptCreditCards DisplayID=Re encrypt the credit cards UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=ORDPAYINFO TableColumns=VALUE UniqueColumns=ORDPAYINFO_ID [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=
- Application Server 4: ORDPAYMTHD
[ActionItem] ID=ReEncryptCreditCards DisplayID=Re encrypt the credit cards UpdateClassName=com.ibm.commerce.dbupdatetool.CCInfoReencoder [DBAccess] DriverClassName=COM.ibm.db2.jdbc.app.DB2Driver HostName= HostJDBCPort= ConnectionPrefix=jdbc:db2 DatabaseName= DatabaseUserName= DatabaseUserPassword= [DBTable] TableName=ORDPAYMTHD TableColumns=PAYDEVICE UniqueColumns=ORDERS_ID,PAYMETHOD,PAYDEVICE,REFUNDNUMBER [Parameter] ID=OldEncryptionKey DisplayID=OldEncryptionKey Value= [Parameter] ID=NewEncryptionKey DisplayID=NewEncryptionKey Value=