Configure password protection for DPA features that allow custom SQL
To prevent unauthorized users from entering malicious SQL, you can configure password protection for DPA features that allow users to enter custom SQL. These features include:
- Custom metrics
- Custom alerts
- The database query tool
- The Update DB Instance Connection Wizard
Enable password protection
When password protection is enabled, users are prompted for the specified password when they test or save a custom metric or custom alert, and when they open the database query tool or the Updated DB Instance Connection Wizard.
-
Open the
sqlauth.xmlfile in a text editor. This file is located in the following directory:DPA-install-dir\iwc\tomcat\ignite_config\iwc\securityThe default location is:
C:\Program Files\SolarWinds\DPA\iwc\tomcat\ignite_config\iwc\security - Enter the password as the value of the
<entry key="sql.authentication.password">setting. The password must contain:- At least 7 characters
- At least 1 numeric character
For example:
<entry key="sql.authentication.password">MyPassword1</entry>If the password includes special characters (such as
&,<, or>), enclose the password with CDATA as follows:<entry key="sql.authentication.password"><![CDATA[My&Password1]]></entry> -
Save the file.
Changes take effect immediately. The password in the
sqlauth.xmlfile is encrypted the first time DPA prompts a user to enter it.
Disable password protection
Password protection is disabled by default. If you enable it and then want to disable it again, complete the following steps.
-
Open the
sqlauth.xmlfile in a text editor. This file is located in the following directory:DPA-install-dir\iwc\tomcat\ignite_config\iwc\securityThe default location is:
C:\Program Files\SolarWinds\DPA\iwc\tomcat\ignite_config\iwc\security - Remove the value of the
<entry key="sql.authentication.password">setting. For example:<entry key="sql.authentication.password"></entry> -
Save the file.
Changes take effect immediately.