Encryption between the monitoring service and web server

The communication between the monitoring service and the web server is encrypted with a self-signed certificate.

Credentials for host machines and SQL Server instances

SQL Monitor stores monitoring data, alert information and configuration settings in the SQL Monitor database (see Configuring the SQL Monitor database).

When you add servers to monitor, the login and password you provide for each host Windows machine and SQL Server instance are stored in settings tables in the SQL Monitor database. Passwords are obfuscated before being stored, but they're not encrypted, so make sure you limit access to the database.

Protecting the configuration file

The configuration file might contain password information in plain text if you specify SQL Server authentication as part of the connection string. Make sure unauthorized users can't view the file's contents; for example, you could deny access to the folder.

The monitoring service account needs access to the configuration file.

Log files

No sensitive information is logged in the log files created by the monitoring service or web server.