The internet password is stored in the Httppassword domain of the personal document in the Domino directory, and the user name in the document is used to verify access to the Domino server through various Internet protocols, most commonly through the Web Access application. Other examples are the use of this set of credentials when receiving mail with the POP3 protocol, while the LDAP protocol verifies the identity.
The password is saved in the secret text. Prior to R6, the cryptographic password algorithm was executed by the @password formula. Since R6, for higher security, there is a new algorithm that can be executed by the @hashpassword formula. If the new algorithm is used, it can be set by using the Directoryprofile's use more secure Internet passwords domain and Domino Administrator Client, which can control the password modified since it is in effect, which can modify the existing password in bulk. As with many other mechanisms, the final sign is saved in the document. In a personal document with a new algorithm, there is a $securepassword field with a value of "1", and if not, the old algorithm is used. This field is updated in the Querysave event of the person form.
A big difference between the two algorithms is that the old algorithm does not change the results of multiple operations on the same clear text, and the new algorithm has different results for each operation of the same plaintext. Therefore, the old algorithm, although from the Httppassword domain value cannot know the password, but can determine whether the password of multiple users is the same, and whether an operation has modified the password. With the new algorithm, even if the password is not changed, ciphertext will change, if the user does not know this will cause misunderstanding.
In LotusScript and Javaapi, the session can be used respectively. Hashpassword () and session. VerifyPassword () Encrypt and verify the password.