This might be more of a support question but I figure devs would know best. I’m looking into all of the possible implications with moving over to LDAP during an openfire upgrade and noticed that spark allows caching credentials. Very quickly I identified a string in %appdata%\spark\spark.properties which begins with “password”, and is followed immediately by a string… I haven’t tried decoding/decrypting this string yet using any of the resources I have (like the private keys in the openfire server) or poking around any more than that. Figured I would start by asking…
How secure is the password cached here, or is it even secure? I am aware I can probably deny people the ability to save their passwords but I’m not sure I want to do that.