Steps to reproduce:
- On one node in an Openfire cluster, via the admin console (Server -> Server Manager -> System Properties), create a system property, e.g. “aaa.test-property”, with a value. Select “Encrypt the property value” and click “Save Property”.
- Note that the admin console indicates that the property value is hidden, and shows the padlock symbol indicating it is encrypted.
- Access the System Properties screen on another node in the same cluster.
Expected result: The System Properties screen on other nodes in the cluster indicates that the property value is hidden, and shows the padlock symbol indicating it is encrypted.
Actual result: The System Properties screen on other nodes in the cluster displays the plain text value of the property, and does not indicate that it is encrypted.
Note 1: the same behaviour is seen if the property is created in plain text and subsequently encrypted using the “+” button.
Note 2: if the “other” nodes are restarted after the property is encrypted, the encrypted value of the property is shown.
A quick analysis shows that the “this field is encrypted” flag is stored in a file, conf/security.xml, rather than in the database. This is probably sub-optimal, as the contents of this file need to be replicated across all current and future cluster members.
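Because the flag lives in a per-node file, an operator can check for drift by comparing each node's copy of conf/security.xml. The following is an added example, not Openfire code: it assumes the encrypted property names sit under `<security><encrypt><property><name>`, and the node names and file contents are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample contents of conf/security.xml from three cluster nodes.
# The element layout is an assumption; node names are hypothetical.
NODE_A = """<security>
  <encrypt>
    <algorithm>AES</algorithm>
    <property>
      <name>database.password</name>
      <name>aaa.test-property</name>
    </property>
  </encrypt>
</security>"""

NODE_B = """<security>
  <encrypt>
    <algorithm>AES</algorithm>
    <property>
      <name>database.password</name>
    </property>
  </encrypt>
</security>"""

NODE_C = "<security/>"  # node with no encryption flags recorded at all


def encrypted_names(xml_text):
    """Return the set of property names flagged as encrypted in one file."""
    root = ET.fromstring(xml_text)
    return {
        el.text.strip()
        for el in root.iterfind("./encrypt/property/name")
        if el.text and el.text.strip()
    }


def flag_drift(nodes):
    """Map each property name to the sorted list of nodes missing its flag."""
    flags = {node: encrypted_names(text) for node, text in nodes.items()}
    all_names = set().union(*flags.values())
    drift = {}
    for name in sorted(all_names):
        missing = sorted(node for node, names in flags.items() if name not in names)
        if missing:  # at least one node would treat this property as plain text
            drift[name] = missing
    return drift


if __name__ == "__main__":
    nodes = {"node-a": NODE_A, "node-b": NODE_B, "node-c": NODE_C}
    for name, missing in flag_drift(nodes).items():
        print(f"{name}: encryption flag missing on {', '.join(missing)}")
```

An empty result means every node agrees on which properties are encrypted; any entry names the nodes that would show or handle that property as plain text.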