The Xpress Insight server will install a PostgreSQL database server to handle data storage for the repository. By default, the users of the local machine will be able to connect to the PostgreSQL database server without requiring passwords. If other users have access to the machine where the PostgreSQL database server resides, you can secure the database against access by these users.
To enable reversible encryption of the datasource passwords, perform the following steps:
- Use a text editor to open the <installdir>\insight\db\pgsql\data\pg_hba.conf file that is used to configure SSL connections.
- Edit the connection types to replace trust with md5 for both IPv and IPv6.
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
- Configure a credential store, for more see Using the Credential Store to Store Passwords.
- Amend the datasource declaration to refer to the credentials held in the credential store instead of the plain text password:
<xa-datasource …>
<security>
<user-name>insight</user-name>
<credential-reference store="store-name" alias="password-alias"/>
</security>
...
- Restart the PostgreSQL database server from the Windows services control applet.
This will instruct PostgreSQL to require password authentication of incoming connections from the local machine.
© 2001-2019 Fair Isaac Corporation. All rights reserved. This documentation is the
property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not
convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except
solely for internal evaluation purposes to determine whether to purchase a license to the software
described in this documentation, or as otherwise set forth in a written software license agreement
between you and FICO (or a FICO affiliate). Use of this documentation and the software described in
it must conform strictly to the foregoing permitted uses, and no other use is permitted.
