Password authentication information is stored in a database in the configuration directory, using non-reversible encryption. Stored passwords are secure and cannot be recovered. If a user forgets their password, it cannot be retrieved or regenerated.
When a password is associated with a mirror/tunnel connection, it is stored unencrypted in the DataHub configuration folder. Anyone who can read the file that holds it can read the password, so it is good security policy to deny untrusted users access to this file.
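One way to check that policy is to list every file in the configuration folder that a broad Windows group can read. This is an added example, not code from the DataHub documentation; it assumes a Windows host, the function name `Get-BroadReadAccess` is hypothetical, and the folder path is a placeholder to replace with the real location.

```powershell
# Added example: report files in the DataHub configuration folder that broad
# groups can read. Function name and folder path are placeholders (assumptions).
function Get-BroadReadAccess {
    param(
        [Parameter(Mandatory)] [string] $ConfigFolder
    )

    # Well-known SIDs, so the check does not depend on localized group names.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-7'      = 'Anonymous Logon'
    }

    # ReadData (0x1) plus GENERIC_READ and GENERIC_ALL, which can appear
    # unmapped in inherit-only entries.
    $readMask = 0x1 -bor 0x80000000 -bor 0x10000000

    # Inspect the folder itself and every file below it.
    $items = @(Get-Item -LiteralPath $ConfigFolder) +
             @(Get-ChildItem -LiteralPath $ConfigFolder -Recurse -File -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $readMask) -eq 0) { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # orphaned or unresolvable identity
            if ($broadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $broadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Usage (placeholder path): any row returned is readable by a broad group.
Get-BroadReadAccess -ConfigFolder 'C:\path\to\DataHub\config' | Format-Table -AutoSize
```

Rows marked `Inherited = True` come from a parent folder's permissions, so the fix belongs on the parent or requires disabling inheritance on the configuration folder.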
Passwords are transmitted across the network in plain text. This is necessary to accommodate the variety of clients that could generate an authentication request. If the network itself is insecure, it is advisable to use a VPN (Virtual Private Network) or to enable SSL for mirror/tunnelling to encrypt the network traffic.