ENCRYPTION TUTORIAL
Encrypting fields in Domino and Notes
By Tom Lowery

As you probably know, Domino has a pretty sophisticated security scheme. In fact, it's so sophisticated, it can sometimes be difficult to use effectively. At times, in my own applications, I've accidentally locked out legitimate users or left the door open to illegitimate ones. There are many options to examine and set. Worse, many of the security features have counter-intuitive restrictions.

The Domino security model consists of seven distinct levels: Domain, Server, Database, View, Document, Section, and Field. Think of it as the "Seven Layer Burrito of Security." The first two levels allow system administrators to restrict who can access a group of servers or an individual server. Database-level security is enforced through the ACL by system administrators, database managers, or application developers to limit access to a specific database. The last four levels are the exclusive realm of application developers. When designing a database, you can mark certain views, documents, document sections, or even specific fields off-limits to all but authorized individuals.

In this article, I will cover the lowest level, field security, in detail. It's tempting to simply use hide-when formulas to hide fields on a form. You can hide a field when a user doesn't possess the needed role, or when the user's access level is less than a given minimum, such as Editor access. This technique is fine, as long as you understand it's not real security. Anyone who doesn't meet your criteria can still see the field contents by looking at the Document Properties window.

There's only one real field-level security feature in Domino: encryption. Encryption is also the only security feature that will protect your data even from those who have access to the server console. However, Domino encryption has some drawbacks. I'll talk about those as well.

Secret key vs. public key
Domino encryption comes in two basic flavors: secret key and public key. In a secret key setup, the key used to encrypt the data is also used to decrypt it. This works well if the data only needs to be read by the same person who encrypted it, or by a small, geographically close group. As the application developer, you can create secret keys through the Notes interface. If you want to share the data among several people, you need to be careful to distribute the key in a secure manner. For example, you wouldn't want to send the key through Internet mail. Key management issues aside, secret key encryption can still work well, even for large groups.

Public key encryption involves two keys. One is used to encrypt the data and another is used to decrypt it. The two keys are mathematically related to each other and are called a key pair, and each Domino user has a pair. The key used to encrypt the data is called the public key. It's listed in the Domino Directory. The key used to decrypt the data is called the private key. It's stored in the user's Notes ID file. Although the two keys are related, it's extremely difficult to figure out the private key even if you know its public sibling. If you have a spare supercomputer sitting in your basement, you might be able to crack a Domino key pair before the 22nd century rolls in. Public key encryption bypasses the key management issues present in the secret key method. Everyone already has the keys they need, so there's no need to figure out how to distribute them.
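To make the two flavors concrete, here is a LotusScript agent sketch that encrypts one field either with a named secret key or, when no key name is given, with the current user's public key. It is an added example, not code from the original article; the field name "Salary" and the key name "HRKey" are hypothetical.

```lotusscript
' Added example, not from the original article.
' "Salary" and "HRKey" are hypothetical names chosen for illustration.
Sub EncryptField(doc As NotesDocument, fieldName As String, keyName As String)
    Dim item As NotesItem
    Set item = doc.GetFirstItem(fieldName)
    If item Is Nothing Then Exit Sub    ' nothing to protect on this document

    ' Only items flagged IsEncrypted are encrypted; every other field on
    ' the document stays readable as before.
    item.IsEncrypted = True

    If keyName <> "" Then
        ' Secret key flavor: anyone whose ID file holds this named key can
        ' decrypt. The key must already be in the ID of the user running
        ' this code, otherwise Encrypt raises an error.
        doc.EncryptionKeys = keyName
    End If
    ' Public key flavor: with no named key set, Encrypt uses the current
    ' user's public key, so only that user can decrypt the field.
    Call doc.Encrypt()

    ' The encrypted form is not stored until the document is saved.
    Call doc.Save(True, False)
End Sub

Sub Initialize
    ' Run as an agent against the selected documents.
    Dim session As New NotesSession
    Dim col As NotesDocumentCollection
    Dim doc As NotesDocument
    Set col = session.CurrentDatabase.UnprocessedDocuments
    Set doc = col.GetFirstDocument()
    While Not doc Is Nothing
        Call EncryptField(doc, "Salary", "HRKey")
        Set doc = col.GetNextDocument(doc)
    Wend
End Sub
```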
