powered by Jive Software

Passwords Stored In Plain Text

I thought that this had been fixed but I noticed today that using Openfire v3.2.3 the admin passwords for both my external SQL database and Windows domain are stored in plain text in the conf\wildfire.xml file

Should this be the case still ?

I note that the Domain user actually only needs ‘‘read’’ access via LDAP so I have changed the account to one that is restricted which has a password the ‘‘looks’’ like it’'s already been encrypted - crude but unless you know what your looking for it will fool most people