There are numerous properties used in OF to store passwords. The current strategy simply omits displaying the text in the admin console when the property matches a regular expression. Some existing passwords don't actually match this expression now (the PKI truststore and keystore passwords for instance).
Adding to the regular expression is a stop gap measure that is difficult to maintain as it requires code changes to adapt to new names. It also means the actual passwords are still stored as clear text in the db.
I think a better approach is to add an option to encrypt any property, which will automatically store it encoded. This would work for any existing password or any future one, whether it is an Openfire defined one or a custom property for a plugin.
OK I am ready with an implementation of this feature and would like to have some feedback on my approach. The key addition is a new XML file (security.xml) that we will use to keep track of the encryption settings along with a list of encrypted properties. I have attached the file here as it also contains the main documentation for the new feature set.
Implemented; pending review/feedback
Tom, FYI, I had to send an additional patch in so that the RPM build understood that the security.xml file was marked as a config file. I wonder if other distro builds are also impacted by this.
OK - I saw your commit, and I agree that conf/security.xml should be treated as a configuration file in the various distributions. Apologies for missing that step, and thanks for picking me up on that one.
I've just raised a question about this new functionality at https://community.igniterealtime.org/message/258105 - is/should be the recording of the property in security.xml be reflected across all nodes in the cluster?