Two (minor) issues i met when i tried to install OpenFire 3.7.1

Hello,

While installing Openfire 3.7.1, i remarked a two things that could be handled better:

  • The file openfire.xml is readable to users, which means a basic user on a terminal server could read that file, see the database password, and gain full access over the openfire server.

Solution: I’ve set that file only readable by SYSTEM and Administrators, works fine. Any way to add this to a future installer please ?

  • The Openfire server service tries to start regardless of if the database service has already started, meaning that on reboot, sometimes openfire service will start before database service, and fail.

Solution: I’ve set service dependancy in the registry: HKLM\System\CurrentControlSet\services\Openfire

Create a REG MULTI SZ value called “DependOnService” and fill it with your SQL service name.

Maybe, the installer could ask the Database service name and create this value automagically.

Anyway, i’m pretty happy with Openfire. These are just nice suggestions.

Cheers.

I think that terminal users shouldn’t be able to poke into operating system areas like program files, etc. I don’t think that customizing the installer to set special permissions (if possible at all with the current installer4j, which is in use currently) is worth. Administrators can always set permissions they think are right.

The second one is interesting, but maybe this should be not in the installer, but in the service itself, to wait for the database to start. Especially if the DB is on the other server. I have filed this as OF-585, but as development here is not very active, unless someone provides a patch for this, this will not be done soon or ever.

Thank you for your support.

These were only suggestions anyway. I posted these more to contribute rather than hoping a quick fix.

I’m a bit new to Openfire. What happened to the developpment ?

Openfire and other projects were originally started and maintained by Jive Software. But a few years ago they decided to push they other products like Clearspace or JBS (the base of these forums) and open sourced Openfire and Spark and well… left them as it is for the community to support and develop. At first there were some active folks and some of them are still around and sometimes fix bugs or add features, but in general development is in stall and new releases are taking more than year to come up (though anyone can use nightly builds with the recent changes). Some projects like SparkWeb or Fastpath plugin (or some other plugins) are mostly dead.