Managing security in SQL Monitor
Published 28 October 2013
Encryption between the monitoring service and web server
The communication between the monitoring service and the web server is encrypted with a self-signed certificate.
Where does SQL Monitor store credentials for host machines and SQL Server instances?
SQL Monitor stores monitoring data, alert information and configuration settings in the SQL Monitor database (see Configuring the SQL Monitor database).
When you add servers to monitor, the login and password you provide for each host Windows machine and SQL Server instance are stored in settings tables in the SQL Monitor database. Passwords are obfuscated before they are stored.
Protecting the configuration file
The configuration file might contain password information in plain text if you specify SQL Server authentication as part of the connection string. Make sure unauthorized users can't view the file's contents; for example, you could deny access to the folder.
The monitoring service account needs access to the configuration file.
Log files are safe
No sensitive information is logged in the log files created by the monitoring service or web server.