The Xpress Insight server will install a PostgreSQL database server to handle data storage for the repository. By default, the users of the local machine will be able to connect to the PostgreSQL database server without requiring passwords. If other users have access to the machine where the PostgreSQL database server resides, you can secure the database against access by these users.
To enable reversible encryption of the datasource passwords, perform the following steps:
- Use a text editor to open the <installdir>\insight\db\pgsql\data\pg_hba.conf file that is used to configure SSL connections.
- Edit the connection types to replace trust with md5 for both IPv and IPv6.
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
- Configure a credential store, for more see Using the Credential Store to Store Passwords.
- Amend the datasource declaration to refer to the credentials held in the credential store instead of the plain text password:
<xa-datasource …>
<security>
<user-name>insight</user-name>
<credential-reference store="store-name" alias="password-alias"/>
</security>
...
- Restart the PostgreSQL database server from the Windows services control applet.
This will instruct PostgreSQL to require password authentication of incoming connections from the local machine.
