How to Secure Your Pipeline Log Files Folder
If you use pipeline logging to debug a pipeline, be aware that sensitive information may appear in clear text in the log files. It is recommended that you secure the folder that contains the pipeline log files. By default, the pipeline log files are stored in the drive:\Inetpub\wwwroot\application_name\pipelines\log folder, where drive is the drive partition where Microsoft Windows is installed and application_name is the name of your application. For example, the default location of the pipeline log files folder for the default website of an application named "retail", where Windows is installed on drive D, is as follows:
D:\Inetpub\wwwroot\retail\pipelines\log
Use the following procedure to secure the pipeline log files folder.
Note
To enable the pipeline logging on your site, you must grant the IIS user Full Control permissions to the pipeline log files folder. After completing your logging and associated debugging, you should perform the following steps to properly secure the pipeline logging folder.
To secure the pipeline log files folder
Using Windows Explorer, browse to the \pipelines\log folder on the Internet Information Services (IIS) server for your application.
Right-click the log folder, and then click Properties.
In the log Properties dialog box, click the Security tab.
On the Security tab, clear the Allow inheritable permissions from parent to propagate to this object check box.
In the Security dialog box, click Copy.
In the Name box, click Everyone, and then click Remove.
Note
The remaining users in the Name box should be Administrators (Server_name\Administrators) and SYSTEM, both of which are granted Full Control permissions to the pipeline log files folder. This is the recommended security setting for this folder.
In the log Properties dialog box, click OK.