DB details not encrypted in database

Description

Steps to reproduce

Install a fresh Openfire 4.2.2 setup to a blank database
Check the values of database.defaultProvider.username, database.defaultProvider.password

Expected results

The database username and password is encrypted in both the conf/openfire.xml file and in the matching entry in the ofprivate table.

Actual results

The database username and password is encrypted in the conf/openfire.xml file, but in plain text in the ofprivate table.

Workaround

Manually encrypt the properties using the "+" button in the admin GUI.

Environment

None

Acceptance Test - Entry

None

Activity

Show:

Greg Thomas

March 9, 2018, 11:33 AM

Copy link to comment

Note; the workaround ends up with a different (encrypted) value in the database than in the openfire.xml file - the latter is left untouched by the manual encryption process, hence this step doesn't affect functionality.

Greg Thomas

March 9, 2018, 1:43 PM

Copy link to comment

Note 2; also affects ldap.adminDN, ldap.adminPassword settings.

Greg Thomas

April 11, 2018, 2:02 PM

Copy link to comment

NB. I'm surprised that the encrypted form of the database credentials differ between the conf/openfire.xml and database, but things still appear to work regardless.

Greg Thomas

July 2, 2018, 9:37 AM

Copy link to comment

Re-opened due to query @ https://github.com/igniterealtime/Openfire/pull/1060#issuecomment-401370818

I've double checked my tests, and re-closing as I now believe it's all working OK.

Assignee

Greg Thomas

Reporter

Greg Thomas

Labels

None

Expected Effort

None

Ignite Forum URL

https://discourse.igniterealtime.org/t/properties-not-encrypted-in-openfire-4-2-2/80963

Fix versions

4.3.0

Affects versions

4.2.2

Priority

Major

Configure