Sisense is built around a robust and flexible security architecture that has been designed to ensure security processes are enforced while scaling to enterprise deployments of Sisense.
As part of this architecture, Sisense complies with the United States Federal Information Processing Standard (FIPS) 140 standard, which defines cryptographic algorithms approved for use by US Federal government computer systems for the protection of sensitive data. An implementation of an approved cryptographic algorithm is considered FIPS 140-compliant only if it has been submitted for and has passed National Institute of Standards and Technology (NIST) validation.
In Sisense v6.7, Sisense added security hardening to the Sisense application database access. Part of the improvements to the application database’s security removed FIPS compliance. To remain FIPS-compliant, you must disable the application databases authentication, which was added in Sisense V6.7. The database access will remain unauthenticated, as it was prior to Sisense V6.7.
To disable the application database’s authentication:
- Disable authentication from the application database:
- Restart Sisense.Repository:
- Remove the username and password from the application database’s connection string:
- Open C:\Program Files\Sisense\PrismWeb\App_Data\Configurations\db.config.
- Remove the username and password parameters from connectionString, for example connectionString=”mongodb://localhost:27018/admin”).
MongoDB connection strings have the following format:
mongodb://[username:[email protected]]host1[:port1][,host2[:port2],…[,hostN[:portN]]][/[database][?options]]In the example below, AppUser:mWLdf6b/[email protected] should be removed:
- Restart IIS. In Windows, open CMD and run IISRESET.
Hey! Was this article helpful?
Questions? Ask the community.