powered by Jive Software

Security.xml property encryption

I’m using Openfire 4.6.0 and it seems like property encryption via security.xml is not working. My security.xml looks like:

<security>
<encrypt>...</encrypt>
<ldap><adminPassword>secret</adminPassword></ldap>
</security>

I see ‘ldap.adminPassword’ in the ofProperty table but it’s unencrypted.

I traced the issue down to this line of code: https://github.com/igniterealtime/Openfire/blob/master/xmppserver/src/main/java/org/jivesoftware/util/XMLProperties.java#L692

The database property seems to be decrypted when the XML property is removed from security.xml.

I tested removing that line and it resolved the issue. I haven’t tested or checked if this change affects anything else though. I can post a PR if it helps.

Let me know if there are any questions.

Thanks,
Victor

I was wondering the same thing here.