Password Storage and HSQL

Hi All,

I finally have this working with my own self-signed cert. Thanks for all the help. I will make a post to help the new questions I saw when logging on.

I do have a question, my server was bogged down running MySQL and Jive so I decided to use the built in HSQL. I don’'t have alot of users so that is ok. I am curious, how are the passwords saved, and where is the password store?

Thanks,

Ken

Hi Ken,

I do have a question, my server was bogged down

running MySQL and Jive so I decided to use the built

in HSQL. I don’'t have alot of users so that is ok.

Using an external database should take some of the load off of Messenger and increase performance, but as you said, if you don’'t have a lot of users it may not make much difference.

I am curious, how are the passwords saved, and where is

the password store?

The passwords are stored in a table named “jiveUser”, which you can see the contents of by going to MESSENGER_HOME/embedded-db and opening up the messenger.script file. You might have to do a bit of searching but you should see some entries that look like:

INSERT INTO JIVEUSER VALUES(''admin'',''none'',''Administrator'',''admin@localhost'',''001116564327206'',''0'') //username, password, name, email, creationDate, modificationDate

It is probably best to look at that file while Messenger is not running to prevent any sort of data corruption.

Hope that helps,

Ryan

Hey there,

Interesting, is there any way that this data can be encrypted so that it can’'t be accessed should the system become compromised? Say with hashed passwords, or encryption to the file itself with the Windows NTFS File System, that would not affect the operation of Messenger Server?

In terms of the external database, the actual hardware available to us does not have enough resources to handle the load of MySQL and Jive at the same time. It tries, but it just can’'t keep up. The HSQL option runs much smoother.

Thank you,

Ken

Hi Ken,

Interesting, is there any way that this data can be

encrypted so that it can’'t be accessed should the

system become compromised? Say with hashed passwords,

or encryption to the file itself with the Windows

NTFS File System, that would not affect the operation

of Messenger Server?

The issue of encrypting/hashing passwords has come up several times, if you do a search on these forums you can see what some of the issues are.

In terms of the external database, the actual

hardware available to us does not have enough

resources to handle the load of MySQL and Jive at the

same time. It tries, but it just can’'t keep up.

Ah, that would explain it.

Thanks,

Ryan