MORE ENCRYPTION TIPS
Advanced encryption techniques
By Tom Lowery
In the previous two issues of DominoPower Magazine I discussed secret key and public key encryption. In this third and final installment in the series, I'll discuss an additional secret key technique that can add flexibility to your secure applications. For a tutorial on secret key encryption, visit http://www.dominopower.com/issues/issue199909/encryption001.html. For a discussion on using public key encryption in your applications, visit http://www.dominopower.com/issues/issue199910/encryption001.html.
One of the drawbacks to the Notes secret key encryption scheme is that only one key can be used per form. You can't use one key for some fields and another key for other fields. It is possible to use more than one key to encrypt a document. However, all the encryptable fields are encrypted with all the keys. It still doesn't get around the problem of letting some people see some fields and other people see other fields.
I'll draw upon the Human Resources example from the September and October issues. The HR department wants to track each employee's name, department, job title, salary range, and current salary, as shown in Figure A.
FIGURE A
The Employee form contains attributes that describe each employee.
As before, we want to limit access to the SalaryRangeLow, SalaryRangeHigh, and CurrentSalary fields. Turn on "Enable encryption for this field" in the Field Properties dialog box for each field. Now it's time to choose who will have access to the encrypted fields. Continuing the previous example, I'll say that Mary Smith, John Doe, and Lisa Jones will each have access to one or more encrypted fields. Mary is the VP of Human Resources, John is the Personnel Director, and Lisa is the Payroll Coordinator.
If we wanted all three individuals to have access to all three fields, we would only need to create a secret encryption key, link it to the form, and have them add the key to their Notes ID files. This time, we want to set it up this way:
- Mary can access all three fields;
- John can access only the range information;
- Lisa can access only the current salary.
To accomplish this we need to break out the information onto different forms. We'll need three forms in all: Employee, Salary Range, and Current Salary.
The Current Salary form will have two fields, Name and CurrentSalary, as shown in Figure B. CurrentSalary is encrypted as it was before on the Employee form. The Name field is copied over to act as a foreign key to the Employee form. Basically, we need to know which employee the salary belongs to. In reality, you would probably use the Social Security number or some other unique identification number for this purpose.
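The split described above can also be done from an agent. The following LotusScript is an added example, not code from the article: it moves the salary fields of each selected Employee document into separate Salary Range and Current Salary documents, each encrypted with its own secret key. The key names, the assumption that the Salary Range form keeps the SalaryRangeLow and SalaryRangeHigh field names, and the key holders noted in the comments are assumptions chosen to match the access list above.

```lotusscript
' Added example. Key names are assumptions; both keys must already be in the
' Notes ID of whoever runs this agent (Mary, in the article's scenario).
Const RANGE_KEY = "HR-SalaryRange"      ' assumed: held by Mary and John
Const SALARY_KEY = "HR-CurrentSalary"   ' assumed: held by Mary and Lisa

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim dc As NotesDocumentCollection
	Dim emp As NotesDocument
	Dim fields As Variant

	Set db = session.CurrentDatabase
	Set dc = db.UnprocessedDocuments      ' documents selected for the agent
	Set emp = dc.GetFirstDocument
	Do Until emp Is Nothing
		If emp.GetItemValue("Form")(0) = "Employee" Then
			fields = Split("SalaryRangeLow,SalaryRangeHigh", ",")
			Call SplitOut(db, emp, "Salary Range", fields, RANGE_KEY)
			fields = Split("CurrentSalary", ",")
			Call SplitOut(db, emp, "Current Salary", fields, SALARY_KEY)
			Call emp.Save(True, False)    ' Employee document no longer holds salary data
		End If
		Set emp = dc.GetNextDocument(emp)
	Loop
End Sub

' Move the named fields from emp into a new document that is encrypted with one key.
Sub SplitOut(db As NotesDatabase, emp As NotesDocument, formName As String, fields As Variant, keyName As String)
	Dim child As New NotesDocument(db)
	Dim item As NotesItem

	Call child.ReplaceItemValue("Form", formName)
	' Name stays in clear text: it is the foreign key back to the Employee document.
	Call child.ReplaceItemValue("Name", emp.GetItemValue("Name"))
	Forall f In fields
		If emp.HasItem(f) Then
			Set item = child.ReplaceItemValue(f, emp.GetItemValue(f))
			item.IsEncrypted = True       ' only flagged items are encrypted
			Call emp.RemoveItem(f)
		End If
	End Forall
	child.EncryptionKeys = keyName        ' a single key for this document
	Call child.Encrypt                    ' takes effect when the document is saved
	Call child.Save(True, False)
End Sub
```

Because the Employee document is saved only after both child documents have been written, a failure while encrypting (for example, a key missing from the ID file) leaves the original salary fields in place.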