As your database is on the same box as the Observium process, there's no cleartext data being transmitted across the network, which is what that control is designed to address.

If the data is considered sensitive enough, you should probably looking to also encrypt the data at rest within the database (as you would have needed to already compromise the Observium host in order to abuse the above scenario, you've got access to the database regardless). That's a slightly different rabbit hole to fall into.

On 4 Apr 2022, at 12:40 pm, Ryan Tee via observium <observium@observium.org> wrote:

Hi ,

We would like to check followings in Observium systems.

How to make sure that, in Observium systems, database Security Server and TCP database port uses TLS v1.2 or above for communications.

This is to ensure communication is secured.

Appreciate share with us, to configure setting config.php file in Observium systems.

Regards
Ryan

<image001.png>
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium