Managing security
Published 08 March 2018
Encryption between the monitoring service and web server
The communication between the monitoring service and the web server is encrypted with a self-signed certificate.
Credentials for host machines and SQL Server instances
SQL Monitor stores monitoring data, alert information and configuration settings in the SQL Monitor database (see Configuring the SQL Monitor database).
When you add servers to monitor, the login and password you provide for each host Windows machine and SQL Server instance are stored in settings tables in the SQL Monitor database. Passwords are obfuscated before being stored, but they're not encrypted, so make sure you limit access to the database.
Protecting the configuration file
The configuration file might contain password information in plain text if you specify SQL Server authentication as part of the connection string. Make sure unauthorized users can't view the file's contents; for example, you could deny access to the folder.
The monitoring service account needs access to the configuration file.
Log files
No sensitive information is logged in the log files created by the monitoring service or web server.