Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Encrypting Notes ID password

Posted on 2004-08-25
6
Medium Priority
?
219 Views
Last Modified: 2013-12-18
Is there a way to encrypt the Notes ID password? I'd like to prevent someone with a packet sniffer from 'collecting' my Notes users passwords.

also, how can I do same with Domino webmail?...would https help here?
0
Comment
Question by:isltt
6 Comments
 
LVL 19

Expert Comment

by:madheeswar
ID: 11899661
you mean hackers can hack user name and passwords from Domino Directory?

Then hide ($Users) view in Domino Directory(names.nsf).

And use high security pwds.
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 1500 total points
ID: 11899833
1. the Notes ID password is encrypted, and is not sent over the wire to the server.  You effectively authenticate against the id file (password is not stored on the server).
2. for the Web password, there is a different story :

- since you do send the password over the wire, it's best to use SSL.  Passwords will not be sniffed then.  You should make your users login to an ssl-enabled database, and also use ssl to access their mailfiles (webmail/inotes)
- since the default encryption on the password field is rather bad (easily crackable using a dictonary attack), you should use the "More secure password format".  Set this in the Directory Profile (in  the names.nsf).  
- it stays vital that you protect your names.nsf : only allow (at max) author access to your own people within your organization (so they can edit their own person document).  Default access should be 'no access', anonmymous access should be 'no access'.  Hiding the ($Users) view will not help, btw - there are enough other views.  
- Also watch out when using LDAP : make sure to protect what anonymous ldap queries can do, and consider using ssl here too.

cheers,

Tom

0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 11903451
>> Is there a way to encrypt the Notes ID password? I'd like to prevent someone with a packet sniffer from 'collecting' my Notes users passwords.
You don't need to. Notes doesn't send plain text passwords.

>> also, how can I do same with Domino webmail?...would https help here?
Use SSL. Easiest and the bestest method.

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 15

Expert Comment

by:Bozzie4
ID: 11910401
And also use session authentication - this also reduces the amount of username-password information sent over the wire.  If you enable SSL (you should) it's still possible you won't enable SSL on all databases.  And if you then switch to a now-ssl database, in basic authentication, your password is again sent as 'almost' clear text over the wire (it's not really clear, but the encryption is so weak everybody can break it)

cheers,

Tom
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 11932464
Hi Bozzie4,
> - Also watch out when using LDAP : make sure to protect what anonymous ldap queries can do, and consider
> using ssl here too.

The default does NOT allow anonymous access to HTTPPassword

Cheers!
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 11932674
Yep, that's true, but you still don't want to make all your usernames etc. public.

tnx

Tom
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
Notes Document Link used by IBM Notes is a link file which aids in the sharing of links to documents in email and webpages. The posts describe the importance and steps to create a Lotus Notes NDL file in brief.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question