Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino
Categories Security
Created by Guest
Created on Aug 21, 2024

'NSL' for Linux to be able to use password on server.id on Linux servers

I would like to have a way to secure a server.id on a Linux server with a password and not have to manually enter that password on start/restart. On Windows there is NSL, but on Linux we have nothing similar.

Working with Information Security I see an increasing need for being able to secure data at rest. We can encrypt databases with the server.id but if the 'bad guys' get access to the file system at a breach, they only have to copy the server.id together with the databases to be able to decrypt all databases and access the information. To mitigate this we need to secure the server.id with one or several passwords but then need to add that password at every start/restart which isn't an optimal solution.

Yes, you could say that if the OS guys just do their job this isn't a problem, but if you are a company interesting enough for the 'bad guys' they will always find a way to hack you :(

Domino on Linux is a great combination. Domino in itself is secure enough with all built-in security features. Please help us secure the server.id in an admin friendly way on Linux to take that last(?) step to make that combination bullet proof! Sort of.

  • Attach files
  • Guest
    Reply
    |
    Oct 2, 2024

    This would not be "NSL" and there is no similar functionality on Linux.
    But there could be a call-out to a credentials helper. A program that is called, socket or pipe.
    This would open the door for easy to implement 3rd party integrations without any change on the Domino side.

    [ Daniel Nashed / https://blog.nashcom.de ]