Encrypting the chat logs would add a lot of complexity to the program that many people dont need or want in many cases. It also would only marginally increase security because the other endpoint may not encrypt them, or the server may be logging them (also unencrypted). Certainly someone could write a Spark plugin to do the encryption, but I doubt there is enough demand for Jive to do this. My suggestion would be to use an encrypted disk so Spark dosnt need to care if or how the encryption occurs. Try www.truecrypt.org for an Open Source version.
This same logic applies to email. If you want secure email or IM, you must encrypt the message itself. There has been some requests for this feature, but again I dont know if there is enough demand for Jive to implement this.
I have both PGP and TrueCrypt. But probably You dont know, that if even You have Spark installed to F: , logs ''ll keep their place in C:\Documents And Settings\Users\Blablabla…
So, all i spoke before is true. I never shout for nothing .
I wrote OpenFire hack, to disable all logs on server. Plus SSL is required. So only weak place is Spark with their read-for-all logs directory, which can not be configured.
That is a sensible place to put the logs as you need a writable area for each user.
You could encrypt the C: drive, or place a symbolic link (junction point) on C:\ to point to a different drive, or just disable the chat logs on the client too?
Files in your “Documents and Settings” directory should be protected by permissions anyway. Allowing any user to read files out of there is a security problem in its own right. You can always configure the Spark directory to have even tighter permissions, though you cant remove Admin access completely. If you are worried about your admins viewing your chat logs, then I suggest you turn them off.
I think I could make a case for having the log directory be configurable though. My dilemma is this: If we start adding tons of options that only a few people want, we end up with a configuration dialog that is cluttered and confusing. Perhaps an option like this would be something you change from the config file (spark.properties) only.
I do want to reiterate that you are only marginally increasing the security by encrypting your chat logs. Unless you can be 100% certain of the entire path, it is NOT secure at all. So in addition to forcing SSL, you need to turn off s2s, and make sure ALL clients who connect have the same logging setups. To truly gain the security you want in that case you need to use end-to-end encryption (PGP, for example). That feature has been requested a few times, but there hasnt been a huge interest in it.