The Xpress Insight server will install a PostgreSQL database server to handle data storage for the repository. By default, the users of the local machine will be able to connect to the PostgreSQL database server without requiring passwords. If other users have access to the machine where the PostgreSQL database server resides, you can secure the database against access by these users.
To enable reversible encryption of the datasource passwords, perform the following steps:
- Use a text editor to open the <installdir>\insight\db\pgsql\data\pg_hba.conf file that is used to configure SSL connections.
- Edit the connection types to replace trust with md5 for both IPv4 and IPv6:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
- Use a text editor to open the file at \xpressmp\insight\server\wildfly-9.0.1.Final\standalone\configuration\standalone.xml.
- In the <security-domains> section, in the security subsystem, copy and paste the following text to add a new security domain:
<security-domain name="insight_user_security_domain">
    <authentication>
        <login-module code="SecureIdentity" flag="required">
            <module-option name="username" value="insight"/>
            <module-option name="password" value="<encrypted-password-value>"/>
        </login-module>
    </authentication>
</security-domain>
- In the datasources subsystem section, for each datasource you wish to secure, replace the security tag that contains the user-name and password with a reference to your new security domain:
Before:
<security>
    <user-name>insight</user-name>
    <password>insight</password>
</security>
After:
<security>
    <security-domain>insight_user_security_domain</security-domain>
</security>
Note: If you secure the password for com.fico.xpress.insight.db, you should also update the credentials for com.fico.xpress.insight.mirrordb and com.fico.xpress.insight.dmndb.
- Generate an encrypted password using the utility provided in the WildFly installation folder. Open a command window and navigate to <WildFly installation folder>\modules\system\layers\base\org\picketbox\main:
cd \xpressmp\insight\server\wildfly-9.0.1.Final\modules\system\layers\base\org\picketbox\main
- Enter the following command, substituting your datasource password for datasource_password, to generate an encoded password:
java -cp .\picketbox-4.9.2.Final.jar org.picketbox.datasource.security.SecureIdentityLoginModule datasource_password
- Copy the generated password into the value parameter of your password module-option in the security domain you set up in Step 4.
- Restart the PostgreSQL database server from the Windows services control applet.
This will instruct PostgreSQL to require password authentication of incoming connections from the local machine.
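To confirm that the pg_hba.conf edit took effect for both address families, the following added example (not part of the FICO documentation) parses the file contents and lists every record that still admits local clients with trust. It goes slightly beyond the two lines shown above by also handling local records and the separate netmask column. The function names and the sample file contents are constructed for illustration, and quoted fields are not handled.

```python
import ipaddress

LOOPBACK = (ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1"))

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def _covers_loopback(addr, mask=None):
    """True if a pg_hba.conf ADDRESS (plus optional netmask column) matches loopback."""
    try:
        if mask is not None:  # turn the netmask column into a prefix length
            addr = f"{addr}/{bin(int(ipaddress.ip_address(mask))).count('1')}"
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return True  # keyword (all, samehost, ...) or host name: treat as a possible match
    return any(ip.version == net.version and ip in net for ip in LOOPBACK)

def trust_rules(hba_text):
    """Return (line_no, record) for each record that admits local clients without a password."""
    hits = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()  # assumes no quoted fields containing spaces or '#'
        if f and f[0] == "local" and len(f) >= 4:
            method, local = f[3], True  # Unix-socket record, always local
        elif f and f[0] in ("host", "hostssl", "hostnossl") and len(f) >= 5:
            has_mask = "/" not in f[3] and _is_ip(f[3]) and len(f) >= 6
            method = f[5] if has_mask else f[4]
            local = _covers_loopback(f[3], f[4] if has_mask else None)
        else:
            continue
        if method == "trust" and local:
            hits.append((no, " ".join(f)))
    return hits

# Constructed sample: IPv4 was switched to md5 but the IPv6 line was missed.
PARTIAL = """\
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 trust
"""
FIXED = PARTIAL.replace("trust", "md5")

if __name__ == "__main__":
    for no, record in trust_rules(PARTIAL):
        print(f"line {no}: passwordless local access: {record}")
```

An empty result from trust_rules means no record in the file still grants passwordless access to connections from the local machine.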
© 2001-2019 Fair Isaac Corporation. All rights reserved. This documentation is the
property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not
convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except
solely for internal evaluation purposes to determine whether to purchase a license to the software
described in this documentation, or as otherwise set forth in a written software license agreement
between you and FICO (or a FICO affiliate). Use of this documentation and the software described in
it must conform strictly to the foregoing permitted uses, and no other use is permitted.