|
|
|
|
|
|
|
|
|
|
|
|
|
|
MORE ENCRYPTION TIPS
Advanced encryption techniques
By Tom Lowery
In the previous two issues of DominoPower Magazine I discussed secret key and public key encryption. In this third and final installment in the series, I'll discuss an additional secret key technique that can add flexibility to your secure applications. For a tutorial on secret key encryption, visit http://www.dominopower.com/issues/issue199909/encryption001.html. For a discussion on using public key encryption in your applications, visit http://www.dominopower.com/issues/issue199910/encryption001.html.
One of the drawbacks to the Notes secret key encryption scheme is that only one key can be used per form. You can't use one key for some fields and another key for other fields. It is possible to use more than one key to encrypt a document. However, all the encryptable fields are encrypted with all the keys. It still doesn't get around the problem of letting some people see some fields and other people see other fields.
I'll draw upon the Human Resources example from the September and October issues. The HR department wants to track each employee's name, department, job title, salary range, and current salary, as shown in Figure A.
FIGURE A
 
The Employee form contains attributes that describe each employee. Roll over picture for a larger image.
As before, we want to limit access to the SalaryRangeLow, SalaryRangeHigh, and CurrentSalary fields. Turn on Enable encryption for this field in the Field Properties dialog box for each field. Now it's time to choose who will have access to the encrypted fields. Continuing the previous example, I'll say that Mary Smith, John Doe, and Lisa Jones will each have access to one or more encrypted fields. Mary is the VP of Human Resources, John is the Personnel Director, and Lisa is Payroll Coordinator.
If we want all three individuals to have access to all three fields, we only need to create a secret encryption key, link it to the form, and have them add the key to their Notes ID files. This time, we want to set it up this way:
- Mary can access all three fields;
- John can access only the range information;
- Lisa can access only the current salary.
To accomplish this we need to break out the information onto different forms. We'll need three forms in all: Employee, Salary Range, and Current Salary.
The Current Salary form will have two fields, Name and CurrentSalary, as shown in Figure B. CurrentSalary is encrypted as it was before on the Employee form. The Name field is copied over to act as a foreign key to the Employee form. Basically, we need to know which employee the salary belongs to. In reality, you would probably use the Social Security number or some other unique identification number for this purpose.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Sophisticated Meets Simple For Document Management
Share. Control. Manage.
Documents, emails, and content in the context of how work is done.
Native to Lotus Domino. The User Experience unseen for Lotus Domino.
Do more with less. Really.
See the possibilities Docova unleashes for Lotus Domino. |
-- Advertisement --
Struggling with exporting Notes data to spreadsheets? No More!
Try IntelliPRINT, The world's leading Reporting, Dashboards, and Analysis solution for Notes & Domino
- Don't spend unproductive time maintaining different versions of the same spreadsheet
- Preserve data integrity and security in multi-user environments
- Create reports in minutes INSIDE Notes
- Get freedom from iterative report requests, deliver self-serve capabilities
Experience Reporting, Dashboards, and Analysis INSIDE Notes.
Try IntelliPRINT NOW! |
|
|
|
|
|
|
|
|
|
|
