Product: TIBCO Spotfire®
Encryption for Spotfire database.
Passwords for end users that are stored in the Spotfire database, when using Spotfire database authentication, are not encrypted but salted and hashed multiple times using the SHA-512 hash function. Passwords for service accounts stored in the database (this cover all accounts configured through the various Spotfire Configuration and Administration interfaces such as passwords for LDAP service accounts, information link data sources and action logging) are encrypted with AES (128) and uses the encryption password that can (optionally) be set when creating a bootstrap file. If no encryption password has been set, a static password will be used. Passwords stored in the bootstrap file are always encrypted. As part of keeping the system secure, we also recommend that file system access to the bootstrap XML file is restricted. Note: Passwords for data sources where connections are initiated from the Spotfire client (i.e. not information links) like ODBC connections are embedded in the file itself are not encrypted. It's not recommended to save passwords in dxp-files.