Managing security in SQL Monitor

SQL Monitor is a web application that is accessed using a web browser within your LAN. The following aspects of SQL Monitor may therefore require security considerations:

Encryption between the Base Monitor service and Web Server

The communication between the Base Monitor service and the Web Server is encrypted using a self signed certificate. For future releases, we plan to support the use of user-specified certificates.

Where does SQL Monitor store credentials for host machines and SQL Server instances?

When you install SQL Monitor, it creates a single Data Repository database in which all monitoring data, alert information and configuration settings are stored.

When you add servers to monitor, the login and password you provide for each host Windows machine and SQL Server instance are stored in settings tables inside the Data Repository.

Passwords are obfuscated before they are stored in the Data Repository.

Protecting the configuration file

The configuration file referenced above may contain password information in plain text if you specify SQL Server authentication as part of the connection string. You should ensure that unauthorized users are unable to view the contents of this file, for example, by denying then access to the folder.

Note: The Base Monitor service account needs access to the configuration file.

Log files

There is no sensitive information logged in the log files created by the Base Monitor service or the Web Server.

Passwords for accessing the SQL Monitor website

When you first install and run SQL Monitor, you will be prompted to create an Administrator password that will be required for anyone accessing SQL Monitor web pages with Administrator permissions. Once you've logged in as an Administrator, you can create Standard and Read-only user roles. See Managing user roles.

There are no complexity restrictions for the passwords.

Was this article helpful?

Search support