Openfire.xml security

Is there a way to encrypt passwords in openfire.xml?

I have two instances of clear-text passwords, one for the database user and another for the LDAP Administrator, and would like to encrypt them one way or another.

The openfire.xml file must be protected at the filesystem level. Any “encryption” would give a false sense of security since Openfire would need to decrypt it the same way every time, essentially making the encryption key public knowledge. If you are only worried about “passers-by” then just make sure only the openfire process has permissions to read the openfire.xml file.

Hi Michel,

“the LDAP Administrator” will likely be a read-only LDAP account, as “Openfire treats the LDAP directory as read-only”.

One can use LDAP ACLs (within LDAP, not related to Openfire) to limit the things which can be read by this account even further.

LG

Reference: http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html

Hi slush, it,

Thanks for your feedback. This is understandable, however my openfire.xml keeps changing the permissions to 644, even when we set it to 600.

All users have read permissions on the LDAP.

We are more concerned about the database, which is currently MySQL hosted on another server. Although MySQL limits connections by IP, we do not consider this very safe.
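
Added example, not part of the thread and not Openfire's own tooling: a shell check for the situation in the last post, where openfire.xml goes back to mode 644. It reports whether group or other accounts can actually open the file, taking the parent directory's search bits into account. It assumes GNU `stat` on Linux; the function names and the path in the usage comment are hypothetical.

```shell
# Usage (placeholder path): audit_secret_file /path/to/openfire.xml

# Print the octal permission bits of a path (GNU stat, assumption: Linux).
mode_of() { stat -c '%a' "$1"; }

# Succeed if any bit of octal mask $2 is set in octal mode $1.
has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# audit_secret_file FILE
# Return codes:
#   0  file mode gives no read access to group or other
#   1  file mode is loose, but the parent directory denies search (x)
#      to every class that could read it
#   2  some non-owner class can both enter the directory and read the file
#   3  file or directory could not be inspected
# Only the immediate parent directory is checked, not its ancestors.
audit_secret_file() {
    local file=$1 dir fmode dmode
    dir=$(dirname -- "$file")
    fmode=$(mode_of "$file") || return 3
    dmode=$(mode_of "$dir") || return 3

    if ! has_bits "$fmode" 044; then
        echo "OK: $file has mode $fmode"
        return 0
    fi

    # A class can open the file only with read on the file AND search on
    # the directory, so group and other are evaluated separately.
    if { has_bits "$fmode" 040 && has_bits "$dmode" 010; } ||
       { has_bits "$fmode" 004 && has_bits "$dmode" 001; }; then
        echo "EXPOSED: $file mode $fmode is reachable via $dir mode $dmode"
        return 2
    fi

    echo "WARN: $file mode $fmode, shielded by $dir mode $dmode"
    return 1
}
```

A return code of 1 is the state to aim for when the file mode cannot be kept at 600: the directory, owned by the Openfire service account and set to 700, keeps other local accounts away from the file regardless of its own mode.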