HCL Domino Ideas Portal
Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Server ID Password should be bound to the machine and applied only on that exact machine by the server process.
Specifying it remotely does not make much sense because the server should start automatically.
I have build an extension manager that does somethink like this. The password isn't a real password but it is caclulated based on a secret and some machine specific stuff (tricky in the virtual world).
It would be much better when something like this would be included out of the box without external code.
Thomas has quoted another idea in the same area which points to the same direction.
--> https://domino.ideas.aha.io/ideas/DOMINO-I-32
If the server is encrypted you have to protect the server.id.
Else encrypting the data does not make much sense!
On the other side you should be aware that the encryption of databases is mainly intended for clients that are in the field and have no hardware encryption.
A server is located in a safe environment where access to the machine is already highly restricted.
Physically and logically from network point of view.
Specifying a password remotely to start the server is difficult!
If the server really needs to be encrypted we need something better to protect the server.id from getting used in a different place along with the data.
[ Daniel Nashed / http://blog.nashcom.de ]
In my opinion this idea is not necessary anymore as soon as idea https://domino.ideas.aha.io/ideas/DOMINO-I-32 is shipped.
@Thomas
In light of GDPR database encryption and password protection on Server ID file is a MUST.
When a database is encrypted on a server it uses the server ID for the encryption.
However if the Server ID file is not password protected itself ...the database encryption is pointless, since if someone gets hold of the server ID file he/she would have access to decrypt all databases.
At the time at server start it possible to enter Server Id password on the server console ...there is no network connections established to the server at this point .... so you can not enter password from an Administrator client remotely.
Being able to do that would be very very helpful....hence my suggestion
Gotcha -- it makes sense to eliminate the need for a remote control session. Would this idea solve the problem => https://domino.ideas.aha.io/ideas/DOMINO-I-32
If yes, I'd like to merge your idea into the one above.
If the server id is password protected a restart of the server forces the admin to open the console on the server to enter the password. I guess it is meant that the admin can use his local admin client to enter the password directly without authentication to the server OS first.
Mit freundlichem Gruß,
Daniel Brix
—
Dipl.-Ing. Daniel Brix
Solutions Architect
Daniel Brix IT-Consulting
Schweitenkirchener Str. 5A
D-85276 Pfaffenhofen a.d. Ilm
tel.: +49-8441-7864792
fax: +49-3212-3274901
mobil: +49-160-96603029
XING | LinkedIn | Twitter
email: d.brix@dbit-consulting.de
web: www.dbit-consulting.de
When an Admin is using the server console, he has been authenticated already. What is the main reason for requesting a (server?) password when opening the console?