SQL Monitor is a web application that is accessed using a web browser within your LAN. The following aspects of SQL Monitor may therefore require security considerations:

Encryption between the Base Monitor service and Web Server

The communication between the Base Monitor service and the Web Server is encrypted using a self signed certificate.

Where does SQL Monitor store credentials for host machines and SQL Server instances?

When you install SQL Monitor, it creates a single Data Repository database in which all monitoring data, alert information and configuration settings are stored.

When you add servers to monitor, the login and password you provide for each host Windows machine and SQL Server instance are stored in settings tables inside the Data Repository.

Passwords are obfuscated before they are stored in the Data Repository.

Protecting the configuration file

The configuration file referenced above may contain password information in plain text if you specify SQL Server authentication as part of the connection string. You should ensure that unauthorized users are unable to view the contents of this file, for example, by denying then access to the folder.

Log files

There is no sensitive information logged in the log files created by the Base Monitor service or the Web Server.

Password for accessing the SQL Monitor website

When you first install and run SQL Monitor, you will be prompted to create a password that will be required for anyone accessing SQL Monitor web pages.

There are no complexity restrictions for the password.