Sensitive Data Transmitted


This section describes what types of data are transmitted during dbWatch Control Center operations, where sensitive data may be present, and how it is protected in transit between system components and database targets.


Types of Transmitted Data

By design, dbWatch Control Center connects to database instances to collect performance metrics, job results, configuration data, and status signals. The default job packages focus on metadata and behavioral indicators, such as:

> Application-level data (e.g., business records, customer details) is not accessed by default.

However, certain optional features—such as:

…may allow administrators (DBAs) to query or interact with other areas of the database, including potentially sensitive business data. The use of these features is governed by user permissions and is controlled at the instance and domain configuration level.


Encryption in Transit – Control Center Traffic

All communication between the following dbWatch components is encrypted using TLS and authenticated using internally issued certificates:

These connections use port 7100 (by default) and are SSL-wrapped using AES-GCM encryption (256-bit keys). No unencrypted or plaintext control traffic is permitted between dbWatch components.

For more, see:


Encryption in Transit – Database Connections

Connections between dbWatch Monitor nodes and target database instances use JDBC drivers, and encryption support is dependent on:

> Administrators are responsible for enabling encryption at the database level and ensuring JDBC parameters enforce secure connectivity.

For instance:

If encryption is not enabled on the database side, data in transit between the Monitor and the instance may be exposed depending on network design.


Summary of Responsibilities

Channel Encrypted Encryption Method Notes
Control Center (Server ↔ Monitor ↔ Client) Yes TLS w/ AES-GCM (256-bit) Enforced by internal CA; always encrypted
Database Instance ↔ Monitor Node Optional (DB-side) Depends on DB platform & JDBC config Admin must enable encryption in DB/JDBC
Web Dashboard / Web Export (Port 8080) No (by default) Recommend HTTPS reverse proxy Use proxy or VPN for protected exposure

Recommendations


Related Topics


If you have compliance or data residency requirements, or need assistance configuring encrypted JDBC connections for your environment, contact:
support@dbwatch.com