SmartTarget security best practices
This topic describes the best practices concerning security for SmartTarget.
- SmartTarget Deployment Web Service
- If you use the SmartTarget Deployment Web Service (for remote deployment), set it up to use SSL (HTTPS) and a specific user. You may also want to limit the IP range that can access it, to the IP address of your Content Deployer machine(s).
- Fredhopper Web service
- If possible, secure the Fredhopper Web Service (for querying). Set up your firewall to restrict access to the Fredhopper Web Service, only allowing access from your own Web servers.
- Password encryption
-
SDL Tridion provides a command line tool for encrypting sensitive data such as passwords in your configuration files (
smarttarget_conf.xml).