Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
📙 You will learn
How to configure Microsoft SQL Server (2012, 2014, 2016, 2017) for ThreadFix on windows. These can be local instances or set up in the cloud using Azure, Microsoft’s cloud service.
Prerequisites
Audience: IT Professional and/or End User
Difficulty: Intermediate
Time needed: Approximately 60 minutes
Tools required: SQL Server Management Studio (SSMS)
Introduction
To manage your SQL Server database, we recommend that you install the following application:
SQL Server Management Studio (SSMS) available here.
Once you have it installed, you can connect to a SQL Server database using the instructions in the next section.
These instructions refer to the latest release of SSMS.
SQL Server Management Studio Configuration
Open SSMS and in the Connect to Server dialog window (if this window does not open automatically, then go to File -> Connect Object Explorer) enter the details for your SQL Server database. You will need the Server name or ip address, and login and password.
Below is a sample connection settings for SSMS:
Server type is set to Database Engine
Server Name is the IP address or host name of your SQL Server database
Authentication is set to SQL Server Authentication
Enter the Login and Password for your SQL Server and click on Connect...you should see your Database in the Object Explorer in SSMS.
Create ThreadFix Database
If you do not already have a ThreadFix database in your SQL Server, you will need to create one prior to starting the ThreadFix application. You can do this from SSMS once you are connected to the server:
From SSMS, in the Object Explorer, right-click on the Databases folder and click on New Database.
Enter the name of the database (e.g., threadfix)
Click on the Options page in the left pane and make the following changes within the Miscellaneous section:
Allow Snapshot Isolation - change to True
Is Read Committed Snapshot On - change to True
Click OK to finish creating the database.
Create ThreadFix User
SQL Server Authentication
Create a local (SQL Server Authentication) user for the ThreadFix application and grant the user full privileges to ThreadFix database (db_owner role).
By default, Microsoft SQL server authentication mode is disabled, but can be enabled by editing the Server Properties.
Windows Authentication
Alternately, you can use Windows Authentication for the database connection (only supported on a Windows Server ThreadFix deployment)...
Download JDBC driver here (newest tested version is 6.2) and run the executable to extract the content to a desired directory
Add the sqljdbc_auth.dll file found in <extracted directory>\sqljdbc_<version>\<language>\auth\x64 to the JVM path by running the JVM with this option:
Example:
-Djava.library.path=C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_6.2\enu\auth\x64
Edit the <threadfix-deploy>/WEB-INF/classes/jdbc.properties file, changing the integratedSecurity option in the jdbc connection string to "true"
Example:jdbc.url=jdbc:sqlserver://localhost:1433;databaseName=threadfix;integratedSecurity=true;sendStringParametersAsUnicode=false
Change the Tomcat service to be run by the desired service account on your domain, instead of the Local System account
(If you have trouble setting the user in the above dialog, use the Services applet in Control Panel instead.)
Ensure that the above service account has been granted db_owner role for the ThreadFix database on the SQL Server and has Administrators membership on the ThreadFix server.
ThreadFix Installation
Now that you've completed the Windows Enterprise Setup and SQL Server Configuration, proceed to the ThreadFix Installation page.
Table of
contentcontents
Table of Contents | ||
---|---|---|
|
https://threadfix.it/ | www.denimgroup.com
© Copyright 2020 Denim Group, LTD. All Rights Reserved.