
Add ability to encrypt properties so they are encrypted in the db and do not appear in the admin console.

Description

There are numerous properties used in OF to store passwords. The current strategy simply omits displaying the text in the admin console when the property matches a regular expression. Some existing passwords don't actually match this expression now (the PKI truststore and keystore passwords for instance).

Adding to the regular expression is a stopgap measure that is difficult to maintain as it requires code changes to adapt to new names. It also means the actual passwords are still stored as clear text in the db.

I think a better approach is to add an option to encrypt any property, which will automatically store it encoded. This would work for any existing password or any future one, whether it is an Openfire defined one or a custom property for a plugin.
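The difference between hiding by name pattern and flagging a property for encryption, as an added example that is not Openfire's code or part of the original issue. The property names, the pattern, the in-memory map standing in for the property table, and the choice of AES-GCM with a throwaway key are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.Pattern;

public class PropertyStoreDemo {
    // Constructed pattern standing in for a hide-by-name rule (assumption).
    static final Pattern HIDE = Pattern.compile("(?i).*(passwd|password).*");
    // Explicit opt-in set, independent of how a property is named.
    static final Set<String> ENCRYPTED = new HashSet<>();
    // Stands in for the property table in the database.
    static final Map<String, String> DB = new LinkedHashMap<>();
    static final SecureRandom RNG = new SecureRandom();
    static SecretKey key;

    // Encrypt a value with a fresh 96-bit IV; stored form is base64(iv):base64(ct).
    static String seal(String plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(iv) + ":" + b64.encodeToString(ct);
    }

    static void set(String name, String value, boolean encrypt) throws Exception {
        if (encrypt) ENCRYPTED.add(name);
        DB.put(name, ENCRYPTED.contains(name) ? seal(value) : value);
    }

    // What an admin page would render for a property.
    static String display(String name) {
        boolean hidden = ENCRYPTED.contains(name) || HIDE.matcher(name).matches();
        return hidden ? "hidden" : DB.get(name);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        key = kg.generateKey(); // demo key only; key storage is out of scope here
        set("example.auth.password", "s3cret-A", false);  // name matches: masked, stored in clear
        set("example.keystore.pass", "s3cret-B", false);  // name misses: shown and stored in clear
        set("example.truststore.pass", "s3cret-C", true); // flagged: masked and stored sealed
        for (String n : DB.keySet())
            System.out.printf("%-26s console=%-10s db=%s%n", n, display(n), DB.get(n));
    }
}
```

Only the flagged property is protected in both places: the first is masked in the console but still readable in the store, and the second is exposed in both because its name does not match the pattern.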

Environment

None

Acceptance Test - Entry

None

Activity

Tom Evans
April 3, 2014, 12:44 AM

OK I am ready with an implementation of this feature and would like to have some feedback on my approach. The key addition is a new XML file (security.xml) that we will use to keep track of the encryption settings along with a list of encrypted properties. I have attached the file here as it also contains the main documentation for the new feature set.

Tom Evans
April 3, 2014, 1:57 AM

Implemented; pending review/feedback

Daryl Herzmann
April 9, 2014, 3:03 PM

Tom, FYI, I had to send an additional patch in so that the RPM build understood that the security.xml file was marked as a config file. I wonder if other distro builds are also impacted by this.

Tom Evans
April 10, 2014, 2:40 AM

OK - I saw your commit, and I agree that conf/security.xml should be treated as a configuration file in the various distributions. Apologies for missing that step, and thanks for picking me up on that one.

Greg Thomas
June 7, 2016, 9:59 AM

I've just raised a question about this new functionality at https://community.igniterealtime.org/message/258105 - is/should the recording of the property in security.xml be reflected across all nodes in the cluster?

Fixed

Assignee

Tom Evans

Reporter

Robin Collier

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major