Documentation forDatabase Performance Analyzer

Configure password protection for DPA features that allow custom SQL

To prevent unauthorized users from entering malicious SQL, you can configure password protection for DPA features that allow users to enter custom SQL. These features include:

  • Custom metrics
  • Custom alerts
  • The database query tool
  • The Update DB Instance Connection Wizard

Enable password protection

When password protection is enabled, users are prompted for the specified password when they test or save a custom metric or custom alert, and when they open the database query tool or the Updated DB Instance Connection Wizard.

  1. Open the sqlauth.xml file in a text editor. This file is located in the following directory:

    <DPA-install-dir>\iwc\tomcat\ignite_config\iwc\security

    The default location is:

    C:\Program Files\SolarWinds\DPA\iwc\tomcat\ignite_config\iwc\security

  2. Enter the password as the value of the <entry key="sql.authentication.password"> setting. The password must contain:
    • At least 7 characters
    • At least 1 numeric character

    For example:

    <entry key="sql.authentication.password">MyPassword1</entry>

    If the password includes special characters (for example, &), enclose the password with CDATA as follows:

    <entry key="sql.authentication.password"><![CDATA[My&Password1]]></entry>

  3. Save the file.

    Changes take effect immediately. The password in the sqlauth.xml file is encrypted the first time DPA prompts a user to enter it.

Disable password protection

Password protection is disabled by default. If you enable it and then wish to disable it again, complete the following steps.

  1. Open the sqlauth.xml file in a text editor. This file is located in the following directory:

    <DPA-install-dir>\iwc\tomcat\ignite_config\iwc\security

    The default location is:

    C:\Program Files\SolarWinds\DPA\iwc\tomcat\ignite_config\iwc\security

  2. Remove the value of the <entry key="sql.authentication.password"> setting. For example:

    <entry key="sql.authentication.password"></entry>

  3. Save the file.

    Changes take effect immediately.