Operations Basics / Version 2412.0

4.8.5 Data Storage

Make sure that read and write rights for databases and for file systems containing CMS installations and data are reduced to a minimum.

Some CoreMedia components are configured to write heap dumps when they run out of memory, helping you to quickly diagnose critical failures. Make sure that the directories to which these heap dumps are written are properly secured, because heap dumps contain sensitive information like passwords, which might not have been disposed of by the garbage collector.

Log files, too, must only be readable by authorized staff. They can contain hints that help an attacker spot weaknesses.

The temporary directory of Java as configured by the system property java.io.tmpdir is used for some data. Often it points to a directory that is writable by everyone. Preferably, you should use a secured and isolated temporary directory for each component. Alternatively, you can explicitly configure the storage directory paths that default to the temporary directory.

On some operating systems, java.io.tmpdir is mapped to a directory that is regularly cleaned up by the operating system. For short-running processes, this behaviour won't affect the application, but for long-running processes, this may result in unintended cache data loss and application faults. To prevent this, you should always configure cache locations such as the UAPI blob cache to a different directory outside of these automatically cleaned paths.

The most important data storage locations are summarized in the following list:

  • the databases of all Content Servers and the Workflow Server,

  • if so configured, the blob stores of all Content Servers,

  • the stores of all MongoDB instances,

  • the input directories of importer processes,

  • the Solr home directory, which should be created before Solr is started so that it does not default to the Java temporary directory,

  • if so configured, the serialization file of the Control Room in-memory store,

  • the temporary file stores of all Replication Content Servers, as configured in the replicator.tmpDir property,

  • the blob caches of all Unified API connections as configured in the repository.blobCachePath property or the Cap.BLOB_CACHE_PATH connection attribute (defaulting to the Java temporary directory),

  • the installation directories of all components,

  • the logging directories.
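
One way to check the locations listed above, as an added example that is not part of the CoreMedia documentation: the script reports directories that are missing, accessible to other users, or located inside a shared temporary directory. The directory paths in the sample and the SYSTEM_TMP_ROOTS list are assumptions to be replaced with the values of your deployment.

```python
import stat
from pathlib import Path

# Assumed shared, automatically cleaned temp roots; adjust for your OS.
SYSTEM_TMP_ROOTS = (Path("/tmp"), Path("/var/tmp"))


def audit_dir(path, system_tmp_roots=SYSTEM_TMP_ROOTS):
    """Return a list of findings for one storage directory (empty = OK)."""
    p = Path(path)
    if not p.is_dir():
        return ["directory does not exist"]
    findings = []
    mode = stat.S_IMODE(p.stat().st_mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("readable or traversable by other users")
    real = p.resolve()
    for root in system_tmp_roots:
        root = Path(root).resolve()
        if real == root or root in real.parents:
            findings.append(f"inside shared temp directory {root}")
    return findings


def audit(locations, system_tmp_roots=SYSTEM_TMP_ROOTS):
    """Map each label to its findings, keeping only locations with problems."""
    report = {}
    for label, path in locations.items():
        findings = audit_dir(path, system_tmp_roots)
        if findings:
            report[label] = findings
    return report


if __name__ == "__main__":
    # Constructed sample paths; replace with the values from your deployment.
    sample = {
        "heap dumps": "/var/coremedia/heapdumps",
        "logs": "/var/log/coremedia",
        "repository.blobCachePath": "/var/cache/coremedia/uapi-blobcache",
        "replicator.tmpDir": "/var/coremedia/replicator-tmp",
    }
    for label, findings in audit(sample).items():
        print(f"{label}: {'; '.join(findings)}")
```

The check covers only the permission bits of the directory itself; ownership and the permissions of files below it still need a separate review.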
