isltt
asked on
Encrypting Notes ID password
Is there a way to encrypt the Notes ID password? I'd like to prevent someone with a packet sniffer from 'collecting' my Notes users passwords.
also, how can I do same with Domino webmail?...would https help here?
also, how can I do same with Domino webmail?...would https help here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> Is there a way to encrypt the Notes ID password? I'd like to prevent someone with a packet sniffer from 'collecting' my Notes users passwords.
You don't need to. Notes doesn't send plain text passwords.
>> also, how can I do same with Domino webmail?...would https help here?
Use SSL. Easiest and the bestest method.
You don't need to. Notes doesn't send plain text passwords.
>> also, how can I do same with Domino webmail?...would https help here?
Use SSL. Easiest and the bestest method.
And also use session authentication - this also reduces the amount of username-password information sent over the wire. If you enable SSL (you should) it's still possible you won't enable SSL on all databases. And if you then switch to a now-ssl database, in basic authentication, your password is again sent as 'almost' clear text over the wire (it's not really clear, but the encryption is so weak everybody can break it)
cheers,
Tom
cheers,
Tom
Hi Bozzie4,
> - Also watch out when using LDAP : make sure to protect what anonymous ldap queries can do, and consider
> using ssl here too.
The default does NOT allow anonymous access to HTTPPassword
Cheers!
> - Also watch out when using LDAP : make sure to protect what anonymous ldap queries can do, and consider
> using ssl here too.
The default does NOT allow anonymous access to HTTPPassword
Cheers!
Yep, that's true, but you still don't want to make all your usernames etc. public.
tnx
Tom
tnx
Tom
Then hide ($Users) view in Domino Directory(names.nsf).
And use high security pwds.