Steps to reproduce:
- On one node in an Openfire cluster, via the admin console (Server -> Server Manager -> System Properties), create a system property, e.g. “aaa.test-property”, with a value. Select “Encrypt the property value” and click “Save Property”.
- Note that the admin console indicates that the property value is hidden, and shows the padlock symbol indicating it is encrypted.
- Access the System Properties screen on another node in the same cluster.
Expected results:
- The System Properties screen on other nodes in the cluster indicates that the property value is hidden, and shows the padlock symbol indicating it is encrypted.
Actual results:
- The System Properties screen on other nodes in the cluster displays the plain text value of the property, and does not indicate that it is encrypted.
Note 1: the same behaviour is seen if the property is created in plain text and subsequently encrypted using the “+” button.
Note 2: if the “other” nodes are restarted after the property is encrypted, the encrypted value of the property is shown.
A quick analysis shows that the “this field is encrypted” flag is stored in a file, conf/security.xml, rather than the database. This is probably sub-optimal, as the contents of this file need to be replicated across all current and future cluster members.
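One way to check a cluster for the drift described above, as an added example that is not part of the original report or of Openfire's code: compare the property names each node's conf/security.xml flags as encrypted. The `<encrypt><property><name>` layout, the node labels and the second property name are assumptions, and both sample files are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed copies of conf/security.xml from two cluster nodes.
# Assumption: flagged property names sit under <encrypt><property><name>.
NODE_A = """<security>
  <encrypt>
    <algorithm>AES</algorithm>
    <property>
      <name>aaa.test-property</name>
      <name>example.other-secret</name>
    </property>
  </encrypt>
</security>"""

NODE_B = """<security>
  <encrypt>
    <algorithm>AES</algorithm>
    <property>
      <name>example.other-secret</name>
    </property>
  </encrypt>
</security>"""


def encrypted_names(security_xml: str) -> set:
    """Return the property names one node's security.xml flags as encrypted."""
    root = ET.fromstring(security_xml)
    return {
        el.text.strip()
        for el in root.findall("./encrypt/property/name")
        if el.text and el.text.strip()
    }


def flag_drift(nodes: dict) -> dict:
    """Map each node to the names flagged elsewhere in the cluster but not locally."""
    flags = {node: encrypted_names(xml) for node, xml in nodes.items()}
    union = set().union(*flags.values())
    # Only nodes that are missing at least one flag appear in the result.
    return {node: union - names for node, names in flags.items() if union - names}


if __name__ == "__main__":
    drift = flag_drift({"node-a": NODE_A, "node-b": NODE_B})
    for node, missing in sorted(drift.items()):
        print(f"{node}: not flagged as encrypted locally: {sorted(missing)}")
```

An empty result means every node agrees on which properties are encrypted; any entry names a node whose local file lacks a flag that another node has.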