Managing security in SQL Monitor
Published 03 December 2012
Encryption between the Base Monitor service and Web Server
The communication between the Base Monitor service and the Web Server is encrypted using a self signed certificate.
Where does SQL Monitor store credentials for host machines and SQL Server instances?
When you install SQL Monitor, it creates a single Data Repository database in which all monitoring data, alert information and configuration settings are stored.
When you add servers to monitor, the login and password you provide for each host Windows machine and SQL Server instance are stored in settings tables inside the Data Repository.
Passwords are obfuscated before they are stored in the Data Repository.
Protecting the configuration file
The configuration file referenced above may contain password information in plain text if you specify SQL Server authentication as part of the connection string. You should ensure that unauthorized users are unable to view the contents of this file, for example, by denying then access to the folder.
The Base Monitor service account needs access to the configuration file.
Log files
There is no sensitive information logged in the log files created by the Base Monitor service or the Web Server.