Linda Moore from the GPTeam created a blog posting on the team’s blog about stored passwords in GP Preferences. She makes some points about how secure the passwords stored in GP Preferences are:
The key points are:
- Passwords are stored – encrypted with AES – in the XML files
- those files are stored on SYSVOL authenticated users have read access to it and can therefore read it
- Use dedicated accounts when using GP Preferences to store passwords.
- [AES is a symmetric key algorithm. If I have the key, I can decrypt all of the passwords if the key doesn't change.]