powered by Jive Software

Spark and Cached Credentials


This might be more of a support question but I figure devs would know best. I’m looking into all of the possible implications with moving over to LDAP during an openfire upgrade and noticed that spark allows caching credentials. Very quickly I identified a string in %appdata%\spark\spark.properties which begins with “password”, and is followed immediately by a string… I haven’t tried decoding/decrypting this string yet using any of the resources I have (like the private keys in the openfire server) or poking around any more than that. Figured I would start by asking…

How secure is the password cached here, or is it even secure? I am aware I can probably deny people the ability to save their passwords but I’m not sure I want to do that.


its not secure…I think the original purpose was to simply make the password not human readable. Spark was originally designed to run on a corp network, where most workstations/computers are protected by other means.

Perfect, thank you. I had a feeling it was simply encoded.