Episode 01: FAQs
Saad Ahmad Answers your Questions
It will not clear integrator cache. Integrator cache is kept in an internal memory structure of the native processes and is cleared only when the native process bounces or an explicit MOCA command is called to clear the integrator cache.
- Read the text file directly using Notepad etc. Do not underestimate the power of Notepad and vi.
- Read it in the BY-provided trace viewer.
- Our preference: read in Smart MOCA Client trace viewer. This has a nice viewer and also allows loading to the database
- The competing product to “Smart MOCA Client”, called “Lexedit”, has a very nice trace viewer as well.
- sl_dwnld is created, for example, when the file is dropped in the folder
- sl_ifd_data_hdr and sl_ifd_data_dtl are created when sl_dwnld moves to ID status. Say it is one order with 3 order lines: sl_ifd_data_hdr will have 1 row and sl_ifd_data_dtl will have 4. sl_ifd_data_dtl.ifd_id, ifd_ver and ifd_seg_id will be populated
- Event is logged
- EO is created (sl_eo_data_hdr/sl_eo_data_dtl)
- Result IFD is created (sl_ifd_data_hdr/sl_ifd_data_dtl). These are the same tables as in the second step above, but with different ifd_id, ifd_ver, ifd_seg_id.
- This result IFD has a “processing algorithm” that has the “create order” and “create order line” calls.
- So when the result IFD is sent, that means the order and order lines have been created in the ord and ord_line tables
That is a much broader question, and it tells us that we need a webinar on security in general. Integration specifically has a very narrow security exposure. Sure, if someone sent an “order file” that looks valid in order to send that new Samsung TV to their home, that order may be fulfilled, but that is more of an academic scenario than a real one. But general questions about controlling database access, security setup for users, LDAP, etc. are interesting topics. Broadly speaking:
- You can (and should) set up users in BY such that passwords are in LDAP
- If passwords are set up in BY, they are encrypted using strong one-way encryption techniques. The exact algorithms are proprietary (e.g. regarding salt etc.)
- The database password is stored in the registry as an encrypted value. That is not one-way encryption, since BY needs to decrypt it. It is a proprietary encryption algorithm and secure.
- It is a single file on a server in case you want to periodically change it.
- Databases must be set up for point in time recovery [full recovery model] and backups should be moved to offline storage that is not mounted on the servers so that ransomware does not spread to backups. But in case of ransomware attacks, these backups would be the only way to recover.
- Connections to the BY application should use “HTTPS”, and the MTF connections should run over SSL.
- Set up the registry parameters so that passwords do not appear in trace files.
- Set up security on the server so that ad hoc access (WinMSQL, server command operations, Smart MOCA Client, Lexedit) cannot access servers when not allowed. If a MOCA Client does not support this functionality, its use must be officially not allowed (corporate policies, procedures, and audits)
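A way to check the point-in-time recovery recommendation above, as an added example that is not part of the original answers. It assumes Microsoft SQL Server (the "full recovery model" wording) and uses a 24-hour log-backup threshold chosen here for illustration.

```sql
-- Added example (not from the original page). Assumes Microsoft SQL Server.
-- Lists user databases that cannot currently be restored to a point in time:
-- the recovery model is not FULL, no full backup is recorded, or the newest
-- transaction-log backup is older than @max_log_age_hours (assumed threshold).
DECLARE @max_log_age_hours int = 24;

WITH last_backup AS (
    SELECT  database_name,
            -- backupset.type: 'D' = full database backup, 'L' = log backup
            MAX(CASE WHEN type = 'D' THEN backup_finish_date END) AS last_full,
            MAX(CASE WHEN type = 'L' THEN backup_finish_date END) AS last_log
    FROM    msdb.dbo.backupset
    GROUP BY database_name
)
SELECT  d.name,
        d.recovery_model_desc,
        b.last_full,
        b.last_log,
        CASE
            WHEN d.recovery_model_desc <> 'FULL' THEN 'not in FULL recovery model'
            WHEN b.last_full IS NULL             THEN 'no full backup recorded'
            WHEN b.last_log  IS NULL             THEN 'no log backup recorded'
            ELSE 'log backup older than threshold'
        END AS finding
FROM    sys.databases AS d
LEFT JOIN last_backup AS b
       ON b.database_name = d.name
WHERE   d.database_id > 4              -- skip master, tempdb, model, msdb
  AND   d.state_desc = 'ONLINE'
  AND ( d.recovery_model_desc <> 'FULL'
     OR b.last_full IS NULL
     OR b.last_log  IS NULL
     OR b.last_log < DATEADD(hour, -@max_log_age_hours, GETDATE()) )
ORDER BY d.name;
```

An empty result means every online user database is in the full recovery model with a recent log backup recorded. msdb only records that a backup ran, not where the file ended up, so the move to unmounted offline storage still needs its own check.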