As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

📙 You will learn

How to configure Microsoft SQL Server (2012, 2014, 2016, 2017) for ThreadFix on windows. These can be local instances or set up in the cloud using Azure, Microsoft’s cloud service.

Prerequisites

Audience: IT Professional and/or End User
Difficulty: (blue star) Intermediate
Time needed: (blue star) Approximately 60 minutes
Tools required: SQL Server Management Studio (SSMS)

Introduction

To manage your SQL Server database, we recommend that you install the following application:

  • SQL Server Management Studio (SSMS) available here.

Once you have it installed, you can connect to a SQL Server database using the instructions in the next section.

These instructions refer to the latest release of SSMS.

SQL Server Management Studio Configuration

Open SSMS and in the Connect to Server dialog window (if this window does not open automatically, then go to File -> Connect Object Explorer) enter the details for your SQL Server database. You will need the Server name or ip address, and login and password.

Below is a sample connection settings for SSMS:

  • Server type is set to Database Engine

  • Server Name is the IP address or host name of your SQL Server database

  • Authentication is set to SQL Server Authentication

Enter the Login and Password for your SQL Server and click on Connect...you should see your Database in the Object Explorer in SSMS.

Create ThreadFix Database

If you do not already have a ThreadFix database in your SQL Server, you will need to create one prior to starting the ThreadFix application. You can do this from SSMS once you are connected to the server:

  • From SSMS, in the Object Explorer, right-click on the Databases folder and click on New Database.

  • Enter the name of the database (e.g., threadfix)

  • Click on the Options page in the left pane and make the following changes within the Miscellaneous section:

    • Allow Snapshot Isolation - change to True

    • Is Read Committed Snapshot On - change to True

  • Click OK to finish creating the database.

Create ThreadFix User

SQL Server Authentication

  • Create a local (SQL Server Authentication) user for the ThreadFix application and grant the user full privileges to ThreadFix database (db_owner role).

  • By default, Microsoft SQL server authentication mode is disabled, but can be enabled by editing the Server Properties. 

Windows Authentication

  • Alternately, you can use Windows Authentication for the database connection (only supported on a Windows Server ThreadFix deployment)...

    • Download JDBC driver here (newest tested version is 6.2) and run the executable to extract the content to a desired directory

    • Add the sqljdbc_auth.dll file found in <extracted directory>\sqljdbc_<version>\<language>\auth\x64 to the JVM path by running the JVM with this option:

      Example: -Djava.library.path=C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_6.2\enu\auth\x64

    • Edit the <threadfix-deploy>/WEB-INF/classes/jdbc.properties file, changing the integratedSecurity option in the jdbc connection string to "true"
      Example: jdbc.url=jdbc:sqlserver://localhost:1433;databaseName=threadfix;integratedSecurity=true;sendStringParametersAsUnicode=false

    • Change the Tomcat service to be run by the desired service account on your domain, instead of the Local System account

(If you have trouble setting the user in the above dialog, use the Services applet in Control Panel instead.)

  • Ensure that the above service account has been granted db_owner role for the ThreadFix database on the SQL Server and has Administrators membership on the ThreadFix server.

ThreadFix Installation

Now that you've completed the Windows Enterprise Setup and SQL Server Configuration, proceed to the ThreadFix Installation page.

Table of content

https://threadfix.it/ | www.denimgroup.com
© Copyright 2020 Denim Group, LTD. All Rights Reserved.

  • No labels

[www.threadfix.it] | [www.coalfire.com]
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.