Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Assessment
Workspace Domino
Categories Administration
Created by Guest
Created on Jan 20, 2019
Merged idea
This idea has been merged into another idea. To comment or vote on this idea, please visit DOMINO-I-32 Secure server Id with password and apply the password on server restart.

Enter password secured Server IDs from the Administrator client console Merged

Server IDs should be password procted but most often they are not, because it is unpractical since you must have access to server to enter password. (Data in any encrypted database on the server can be accessed if you have the server ID.)

Suggestion:

- You should be able to enter password from the Administrator Server console. This would be a HUGH benefit tio admins

- In server document you should be able to restrict who and from which IP (range) should be able to enter Server ID password

 

This only way to ever have admins secure the Server ID's in real life, and really secure the databases data.

  • Guest
    Reply
    |
    Jan 22, 2019

    Server ID Password should be bound to the machine and applied only on that exact machine by the server process.

    Specifying it remotely does not make much sense because the server should start automatically.

    I have build an extension manager that does somethink like this. The password isn't a real password but it is caclulated based on a secret and some machine specific stuff (tricky in the virtual world).

    It would be much better when something like this would be included out of the box without external code.

    Thomas has quoted another idea in the same area which points to the same direction.

    --> https://domino.ideas.aha.io/ideas/DOMINO-I-32

    If the server is encrypted you have to protect the server.id.

    Else encrypting the data does not make much sense!

    On the other side you should be aware that the encryption of databases is mainly intended for clients that are in the field and have no hardware encryption.

    A server is located in a safe environment where access to the machine is already highly restricted.
    Physically and logically from network point of view.

    Specifying a password remotely to start the server is difficult!

    If the server really needs to be encrypted we need something better to protect the server.id from getting used in a different place along with the data.


    [ Daniel Nashed / http://blog.nashcom.de ]

  • Guest
    Reply
    |
    Jan 22, 2019

    In my opinion this idea is not necessary anymore as soon as idea https://domino.ideas.aha.io/ideas/DOMINO-I-32 is shipped.

  • Guest
    Reply
    |
    Jan 21, 2019

    @Thomas 

    In light of GDPR database encryption and password protection on Server ID file is a MUST.

    When a database is encrypted on a server it uses the server ID for the encryption.

    However if the Server ID file is not password protected itself ...the database encryption is pointless, since if someone gets hold of the server ID file he/she would have access to decrypt all databases.

    At the time at server start it possible to enter Server Id password on the server console ...there is no network connections established to the server at this point .... so you can not enter password from an Administrator client remotely.

    Being able to do that would be very very helpful....hence my suggestion

  • Admin
    Thomas Hampel
    Reply
    |
    Jan 21, 2019

    Gotcha -- it makes sense to eliminate the need for a remote control session. Would this idea solve the problem => https://domino.ideas.aha.io/ideas/DOMINO-I-32

    If yes, I'd like to merge your idea into the one above.

  • Guest
    Reply
    |
    Jan 21, 2019

    If the server id is password protected a restart of the server forces the admin to open the console on the server to enter the password. I guess it is meant that the admin can use his local admin client to enter the password directly without authentication to the server OS first.

    Mit freundlichem Gruß,

    Daniel Brix

    Dipl.-Ing. Daniel Brix
    Solutions Architect

    Daniel Brix IT-Consulting
    Schweitenkirchener Str. 5A
    D-85276 Pfaffenhofen a.d. Ilm

    tel.: +49-8441-7864792
    fax: +49-3212-3274901
    mobil: +49-160-96603029

    XING | LinkedIn | Twitter

    email: d.brix@dbit-consulting.de
    web: www.dbit-consulting.de


  • Admin
    Thomas Hampel
    Reply
    |
    Jan 21, 2019

    When an Admin is using the server console, he has been authenticated already. What is the main reason for requesting a (server?) password when opening the console?